Source: CasPol.exe, 0000000A.00000002.219015661495.000000001DF51000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: CasPol.exe, 0000000A.00000002.219015661495.000000001DF51000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: CasPol.exe, 0000000A.00000002.219015661495.000000001DF51000.00000004.00000001.sdmp | String found in binary or memory: http://SukKLs.com |
Source: CasPol.exe, 0000000A.00000002.219005375157.00000000010E9000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000003.214542533887.00000000010EB000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.214536706012.00000000010EB000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.214542972543.00000000010ED000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.214536282271.00000000010F0000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: CasPol.exe, 0000000A.00000002.219005375157.00000000010E9000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000003.214542533887.00000000010EB000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.214536706012.00000000010EB000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.214542972543.00000000010ED000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.214536282271.00000000010F0000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: Purchase Order PO20211027STK.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: Purchase Order PO20211027STK.exe, 00000002.00000002.213979895058.0000000000411000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000002.00000002.213979976030.0000000000426000.00000004.00020000.sdmp, SPORENE.exe.2.dr | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: Purchase Order PO20211027STK.exe, 00000002.00000002.213979895058.0000000000411000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000002.00000002.213979976030.0000000000426000.00000004.00020000.sdmp, SPORENE.exe.2.dr | String found in binary or memory: http://s.symcd.com06 |
Source: CasPol.exe, 0000000A.00000002.219017335150.000000001E078000.00000004.00000001.sdmp | String found in binary or memory: http://smtp.construccionsjpallas.com |
Source: Purchase Order PO20211027STK.exe, 00000002.00000002.213979895058.0000000000411000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000002.00000002.213979976030.0000000000426000.00000004.00020000.sdmp, SPORENE.exe.2.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: Purchase Order PO20211027STK.exe, 00000002.00000002.213979895058.0000000000411000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000002.00000002.213979976030.0000000000426000.00000004.00020000.sdmp, SPORENE.exe.2.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: Purchase Order PO20211027STK.exe, 00000002.00000002.213979895058.0000000000411000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000002.00000002.213979976030.0000000000426000.00000004.00020000.sdmp, SPORENE.exe.2.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: CasPol.exe, 0000000A.00000002.219015661495.000000001DF51000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%4 |
Source: CasPol.exe, 0000000A.00000002.219015661495.000000001DF51000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: CasPol.exe, 0000000A.00000002.219017335150.000000001E078000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.215446466845.000000001CDB1000.00000004.00000001.sdmp | String found in binary or memory: https://bBdyMHz8DHQmQ5qFFNz.net |
Source: Purchase Order PO20211027STK.exe, 00000002.00000002.213979895058.0000000000411000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000002.00000002.213979976030.0000000000426000.00000004.00020000.sdmp, SPORENE.exe.2.dr | String found in binary or memory: https://d.symcb.com/cps0% |
Source: Purchase Order PO20211027STK.exe, 00000002.00000002.213979895058.0000000000411000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000002.00000002.213979976030.0000000000426000.00000004.00020000.sdmp, SPORENE.exe.2.dr | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: Purchase Order PO20211027STK.exe, 00000002.00000002.213979895058.0000000000411000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000002.00000002.213979976030.0000000000426000.00000004.00020000.sdmp, SPORENE.exe.2.dr | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: CasPol.exe, 0000000A.00000003.214542972543.00000000010ED000.00000004.00000001.sdmp | String found in binary or memory: https://ervtqq.bl.files.1drv.com/ |
Source: CasPol.exe, 0000000A.00000003.214536706012.00000000010EB000.00000004.00000001.sdmp | String found in binary or memory: https://ervtqq.bl.files.1drv.com/. |
Source: CasPol.exe, 0000000A.00000002.219005375157.00000000010E9000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000003.214542533887.00000000010EB000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.214542972543.00000000010ED000.00000004.00000001.sdmp | String found in binary or memory: https://ervtqq.bl.files.1drv.com/y4mRWRDE7pcrW6w0EUTN84QjMAtO1dpCLEwXIJU8OszKkAmv-_nhkZHLAvXSNrUdeon |
Source: CasPol.exe, 0000000A.00000003.214542972543.00000000010ED000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.214536282271.00000000010F0000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219005034724.00000000010A4000.00000004.00000020.sdmp | String found in binary or memory: https://ervtqq.bl.files.1drv.com/y4mjsZiy6S_ONFJ1Il5BkM5ipQEe7rgpRSJNcHXx-eH9OxEQcwqSz5uJCiVh7AEhgFP |
Source: CasPol.exe, 0000000A.00000002.219004779835.000000000106B000.00000004.00000020.sdmp | String found in binary or memory: https://onedrive.live.com/ |
Source: CasPol.exe, 0000000A.00000002.219005034724.00000000010A4000.00000004.00000020.sdmp | String found in binary or memory: https://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21126&authkey=AMKTKwd |
Source: CasPol.exe, 0000000A.00000002.219015661495.000000001DF51000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 2_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 2_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 2_2_0040755C |
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 2_2_00406D85 |
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | Code function: 4_2_00401724 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_00BA0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_00BA6908 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_00BA13B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_00E41130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_00E43A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_00E44320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_00E4CC90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_00E4BF30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_00E43708 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_0103DB50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_01035BC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_0103BEF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_010344F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_01036610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_013D5D18 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_013DBD40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_013DE808 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_013D0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_013D6E40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_013DB808 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_013DBCE2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_014C8780 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_014C1B85 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_014C0C08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_014C4E28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_014CA308 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_014C0FB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_1DED5E48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_1DED470C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_1DED6B30 |
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: SPORENE.exe, 00000004.00000002.214568115742.00000000054F9000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service |
Source: SPORENE.exe, 00000004.00000002.214568115742.00000000054F9000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: vmicshutdown |
Source: SPORENE.exe, 00000004.00000002.214568115742.00000000054F9000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: SPORENE.exe, 00000004.00000002.214566939150.0000000004080000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll |
Source: SPORENE.exe, 00000004.00000002.214568115742.00000000054F9000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service |
Source: SPORENE.exe, 00000004.00000002.214568115742.00000000054F9000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Time Synchronization Service |
Source: CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: vmicvss |
Source: CasPol.exe, 0000000A.00000002.219004779835.000000000106B000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000002.219005284552.00000000010D8000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW |
Source: CasPol.exe, 0000000A.00000002.219005991038.0000000001290000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21126&authkey=AMKTKwdfsBDEH_E |
Source: SPORENE.exe, 00000004.00000002.214566939150.0000000004080000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219005991038.0000000001290000.00000004.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: SPORENE.exe, 00000004.00000002.214568115742.00000000054F9000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Data Exchange Service |
Source: SPORENE.exe, 00000004.00000002.214568115742.00000000054F9000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Heartbeat Service |
Source: SPORENE.exe, 00000004.00000002.214565667753.0000000001AE3000.00000004.00000020.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: SPORENE.exe, 00000004.00000002.214568115742.00000000054F9000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Service Interface |
Source: CasPol.exe, 0000000A.00000002.219007696569.0000000002CF9000.00000004.00000001.sdmp | Binary or memory string: vmicheartbeat |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |