Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: FACTURAS.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: FACTURAS.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: CasPol.exe, 00000005.00000002.29204489618.0000000001299000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: CasPol.exe, 00000005.00000003.24568903553.00000000012C3000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569225634.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573156423.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29204597889.00000000012AA000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.24573675447.00000000012C1000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29222008475.0000000020415000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221327917.0000000020340000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: CasPol.exe, 00000005.00000002.29204489618.0000000001299000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0 |
Source: CasPol.exe, 00000005.00000003.24568903553.00000000012C3000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569225634.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573156423.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29204597889.00000000012AA000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.24573675447.00000000012C1000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: FACTURAS.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: FACTURAS.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: FACTURAS.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: FACTURAS.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp | String found in binary or memory: http://furteksdokuma.com.tr |
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp | String found in binary or memory: http://kFWRbv.com |
Source: CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp | String found in binary or memory: http://mail.furteksdokuma.com.tr |
Source: CasPol.exe, 00000005.00000002.29204489618.0000000001299000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29222008475.0000000020415000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221327917.0000000020340000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: FACTURAS.exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: FACTURAS.exe | String found in binary or memory: http://ocsp.digicert.com0O |
Source: FACTURAS.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: CasPol.exe, 00000005.00000002.29216704229.000000001E298000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.25508640034.000000001CFE1000.00000004.00000001.sdmp | String found in binary or memory: https://Z655gVkuIZnhDyQfI.net |
Source: CasPol.exe, 00000005.00000002.29216704229.000000001E298000.00000004.00000001.sdmp | String found in binary or memory: https://Z655gVkuIZnhDyQfI.nett- |
Source: CasPol.exe, 00000005.00000003.24569436789.00000000012F1000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569082493.00000000012F1000.00000004.00000001.sdmp | String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: CasPol.exe, 00000005.00000003.24569436789.00000000012F1000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569082493.00000000012F1000.00000004.00000001.sdmp | String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq |
Source: CasPol.exe, 00000005.00000002.29204294337.0000000001276000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.24569225634.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573156423.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573675447.00000000012C1000.00000004.00000001.sdmp | String found in binary or memory: https://doc-0c-6k-docs.googleusercontent.com/ |
Source: CasPol.exe, 00000005.00000003.24573939884.00000000012F1000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29204597889.00000000012AA000.00000004.00000020.sdmp | String found in binary or memory: https://doc-0c-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8005s8f1 |
Source: CasPol.exe, 00000005.00000002.29203974975.0000000001238000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/ |
Source: CasPol.exe, 00000005.00000002.29203974975.0000000001238000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/H |
Source: CasPol.exe, 00000005.00000002.29205726663.0000000001450000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569225634.00000000012BE000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=11UpsPasq_HHo9riShtDnotSECFd2czsi |
Source: CasPol.exe, 00000005.00000002.29216365649.000000001E247000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com/ |
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com// |
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com/https://login.live.com/ |
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com/v104 |
Source: CasPol.exe, 00000005.00000002.29204489618.0000000001299000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp | String found in binary or memory: https://sectigo.com/CPS0 |
Source: CasPol.exe, 00000005.00000002.29216365649.000000001E247000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: FACTURAS.exe | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_0040A86B push ebx; retf |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_0040A00A push EDF1CA21h; ret |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_00409212 push ecx; retf |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_00404AC6 push ebp; ret |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_00404AD5 push cs; iretd |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_0040A2B2 push ss; retf |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_00406DF9 push edi; iretd |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_023B1C3F push EBA42B5Fh; ret |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_023B371C push eax; iretd |
Source: C:\Users\user\Desktop\FACTURAS.exe | Code function: 1_2_023B335A push eax; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_01733D0A push eax; retf |
Source: C:\Users\user\Desktop\FACTURAS.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service |
Source: CasPol.exe, 00000005.00000002.29205726663.0000000001450000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=11UpsPasq_HHo9riShtDnotSECFd2czsi |
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: vmicshutdown |
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: FACTURAS.exe, 00000001.00000002.24596626412.00000000006ED000.00000004.00000020.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service |
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Time Synchronization Service |
Source: CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: vmicvss |
Source: CasPol.exe, 00000005.00000002.29204294337.0000000001276000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29204597889.00000000012AA000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW |
Source: CasPol.exe, 00000005.00000002.29203974975.0000000001238000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW( |
Source: FACTURAS.exe, 00000001.00000002.24599167037.0000000002C40000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29205726663.0000000001450000.00000004.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Data Exchange Service |
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Heartbeat Service |
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Service Interface |
Source: CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp | Binary or memory string: vmicheartbeat |
Source: FACTURAS.exe, 00000001.00000002.24599167037.0000000002C40000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |