Source: CasPol.exe, 00000006.00000002.49393551309.000000001DF21000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: CasPol.exe, 00000006.00000002.49393551309.000000001DF21000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: CasPol.exe, 00000006.00000002.49393551309.000000001DF21000.00000004.00000001.sdmp |
String found in binary or memory: http://OXDyLI.com |
Source: CasPol.exe, 00000006.00000002.49394738859.000000001E039000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49400309022.00000000201E8000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49402362009.00000000214E0000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49383099264.00000000010A6000.00000004.00000020.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: CasPol.exe, 00000006.00000003.45582358032.000000000111A000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.44653998064.000000000112E000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49383620135.000000000111A000.00000004.00000020.sdmp, CasPol.exe, 00000006.00000003.44648752092.000000000112E000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.44654319009.0000000001130000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: CasPol.exe, 00000006.00000002.49394738859.000000001E039000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49400309022.00000000201E8000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49402362009.00000000214E0000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49400570275.000000002021D000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: CasPol.exe, 00000006.00000002.49394738859.000000001E039000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49400309022.00000000201E8000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49400570275.000000002021D000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0 |
Source: CasPol.exe, 00000006.00000003.45582358032.000000000111A000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.44653998064.000000000112E000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49383620135.000000000111A000.00000004.00000020.sdmp, CasPol.exe, 00000006.00000003.44648752092.000000000112E000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.44654319009.0000000001130000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: CasPol.exe, 00000006.00000002.49394738859.000000001E039000.00000004.00000001.sdmp |
String found in binary or memory: http://furteksdokuma.com.tr |
Source: CasPol.exe, 00000006.00000002.49394738859.000000001E039000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.furteksdokuma.com.tr |
Source: CasPol.exe, 00000006.00000002.49394738859.000000001E039000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49400309022.00000000201E8000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49402362009.00000000214E0000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49400570275.000000002021D000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49383099264.00000000010A6000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: CasPol.exe, 00000006.00000002.49394572073.000000001E018000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49394738859.000000001E039000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.45584258822.000000001CDE1000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49394924557.000000001E065000.00000004.00000001.sdmp |
String found in binary or memory: http://yjmpHNwxHQcW4vG64IN.com |
Source: CasPol.exe, 00000006.00000002.49394572073.000000001E018000.00000004.00000001.sdmp |
String found in binary or memory: http://yjmpHNwxHQcW4vG64IN.comt- |
Source: CasPol.exe, 00000006.00000003.44648752092.000000000112E000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: CasPol.exe, 00000006.00000003.44648752092.000000000112E000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq |
Source: CasPol.exe, 00000006.00000003.44649168355.0000000001174000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.45582358032.000000000111A000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.44653998064.000000000112E000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49383620135.000000000111A000.00000004.00000020.sdmp, CasPol.exe, 00000006.00000003.44648752092.000000000112E000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.44654319009.0000000001130000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-08-9o-docs.googleusercontent.com/ |
Source: CasPol.exe, 00000006.00000003.45582358032.000000000111A000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49383620135.000000000111A000.00000004.00000020.sdmp |
String found in binary or memory: https://doc-08-9o-docs.googleusercontent.com/C= |
Source: CasPol.exe, 00000006.00000003.44648752092.000000000112E000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.44654319009.0000000001130000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-08-9o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ga7kf072 |
Source: CasPol.exe, 00000006.00000003.44653998064.000000000112E000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.44654319009.0000000001130000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-08-9o-docs.googleusercontent.com/mond1 |
Source: CasPol.exe, 00000006.00000003.45582109060.00000000010ED000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49383368510.00000000010E9000.00000004.00000020.sdmp, CasPol.exe, 00000006.00000002.49383099264.00000000010A6000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: CasPol.exe, 00000006.00000002.49383099264.00000000010A6000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/s |
Source: CasPol.exe, 00000006.00000002.49382267477.0000000000B50000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49383368510.00000000010E9000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1iiNs60l202FEGNx6v3EUfjeUKv3OYnXz |
Source: CasPol.exe, 00000006.00000003.44648752092.000000000112E000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1iiNs60l202FEGNx6v3EUfjeUKv3OYnXzL9yXV0dnDBBTu9pZE |
Source: CasPol.exe, 00000006.00000002.49394738859.000000001E039000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49400309022.00000000201E8000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49400570275.000000002021D000.00000004.00000001.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: CasPol.exe, 00000006.00000002.49393551309.000000001DF21000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_004047F9 |
1_2_004047F9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00E41130 |
6_2_00E41130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00E43A50 |
6_2_00E43A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00E4BA58 |
6_2_00E4BA58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00E44320 |
6_2_00E44320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00E4C7B8 |
6_2_00E4C7B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00E43708 |
6_2_00E43708 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00E56D90 |
6_2_00E56D90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00E507E0 |
6_2_00E507E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17DF0 |
6_2_00F17DF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17DFC |
6_2_00F17DFC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17DE4 |
6_2_00F17DE4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17DD8 |
6_2_00F17DD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17DC0 |
6_2_00F17DC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17DCC |
6_2_00F17DCC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17DB4 |
6_2_00F17DB4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17DA8 |
6_2_00F17DA8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17D90 |
6_2_00F17D90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17D9C |
6_2_00F17D9C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17D84 |
6_2_00F17D84 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17D78 |
6_2_00F17D78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17EF8 |
6_2_00F17EF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17EE0 |
6_2_00F17EE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17EEC |
6_2_00F17EEC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17ED4 |
6_2_00F17ED4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17EC8 |
6_2_00F17EC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17EB0 |
6_2_00F17EB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17EBC |
6_2_00F17EBC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17EA4 |
6_2_00F17EA4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E98 |
6_2_00F17E98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E80 |
6_2_00F17E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E8C |
6_2_00F17E8C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E74 |
6_2_00F17E74 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E68 |
6_2_00F17E68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E50 |
6_2_00F17E50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E5C |
6_2_00F17E5C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E44 |
6_2_00F17E44 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E38 |
6_2_00F17E38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E20 |
6_2_00F17E20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E2C |
6_2_00F17E2C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E14 |
6_2_00F17E14 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17E08 |
6_2_00F17E08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17FC4 |
6_2_00F17FC4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17FB8 |
6_2_00F17FB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17FA0 |
6_2_00F17FA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17FAC |
6_2_00F17FAC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F94 |
6_2_00F17F94 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F88 |
6_2_00F17F88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F70 |
6_2_00F17F70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F7C |
6_2_00F17F7C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F64 |
6_2_00F17F64 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F58 |
6_2_00F17F58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F40 |
6_2_00F17F40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F4C |
6_2_00F17F4C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F34 |
6_2_00F17F34 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F28 |
6_2_00F17F28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F10 |
6_2_00F17F10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F1C |
6_2_00F17F1C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_00F17F04 |
6_2_00F17F04 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012AA4E8 |
6_2_012AA4E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012AB8D0 |
6_2_012AB8D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012ABB0A |
6_2_012ABB0A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012A5E70 |
6_2_012A5E70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012A8130 |
6_2_012A8130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012A3330 |
6_2_012A3330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012E9558 |
6_2_012E9558 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012E2DA8 |
6_2_012E2DA8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012EC8E8 |
6_2_012EC8E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012E7BD8 |
6_2_012E7BD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012E1BD0 |
6_2_012E1BD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012EEE96 |
6_2_012EEE96 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012E8DA8 |
6_2_012E8DA8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012EA5A0 |
6_2_012EA5A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012E7330 |
6_2_012E7330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_012E6F90 |
6_2_012E6F90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1CF64C48 |
6_2_1CF64C48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1CF61C08 |
6_2_1CF61C08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1CF617C0 |
6_2_1CF617C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1CF6A1E8 |
6_2_1CF6A1E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1CF663D0 |
6_2_1CF663D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1DD75E08 |
6_2_1DD75E08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1DD746C4 |
6_2_1DD746C4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1DD75D20 |
6_2_1DD75D20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1DD76AF1 |
6_2_1DD76AF1 |
Source: unknown |
Process created: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe "C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe" |
|
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe" |
|
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe" |
|
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe" |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe" |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe" |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe" |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_0040756B push 934A6E33h; ret |
1_2_00407576 |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_0040611D push 9754E4D4h; ret |
1_2_00406122 |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_00409A3E push B1F2CAE9h; ret |
1_2_00409A4D |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_00405B8B push cs; retf |
1_2_00405B8D |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_023322C1 push cs; iretd |
1_2_023322C2 |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_02332716 push es; iretd |
1_2_0233284C |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_02332B57 push es; iretd |
1_2_02332B58 |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_0233281E push es; iretd |
1_2_0233284C |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_02334470 pushfd ; iretd |
1_2_02334471 |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_023334C5 push ebp; retf |
1_2_023334C8 |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Code function: 1_2_023349C1 pushfd ; iretd |
1_2_023349C9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 6_2_1CF65658 pushfd ; retf |
6_2_1CF65659 |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679850654.0000000003AB9000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679850654.0000000003AB9000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: vmicshutdown |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679850654.0000000003AB9000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679766383.00000000039F0000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679850654.0000000003AB9000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679850654.0000000003AB9000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: vmicvss |
Source: CasPol.exe, 00000006.00000003.45582358032.000000000111A000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49383620135.000000000111A000.00000004.00000020.sdmp, CasPol.exe, 00000006.00000002.49383099264.00000000010A6000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW |
Source: CasPol.exe, 00000006.00000002.49382267477.0000000000B50000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1iiNs60l202FEGNx6v3EUfjeUKv3OYnXz |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679766383.00000000039F0000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49382267477.0000000000B50000.00000004.00000001.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679850654.0000000003AB9000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679850654.0000000003AB9000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44679850654.0000000003AB9000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: Scanned Payment Copy00024.scr.exe, 00000001.00000002.44677293770.0000000000643000.00000004.00000020.sdmp |
Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: CasPol.exe, 00000006.00000002.49385615222.0000000002D29000.00000004.00000001.sdmp |
Binary or memory string: vmicheartbeat |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |