Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0 |
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp |
String found in binary or memory: http://csavarcsapagyexpress.hu |
Source: CasPol.exe, 00000004.00000003.107779643806.000000001E286000.00000004.00000001.sdmp |
String found in binary or memory: http://go.micF. |
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.csavarcsapagyexpress.hu |
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp |
String found in binary or memory: http://rTgNdy.com |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112541174009.000000001E74A000.00000004.00000001.sdmp |
String found in binary or memory: http://x7N6F9gC7jnN7HPYuUB7.net |
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107766583519.0000000001689000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq |
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112528985934.0000000001647000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-08-6k-docs.googleusercontent.com/ |
Source: CasPol.exe, 00000004.00000002.112528985934.0000000001647000.00000004.00000020.sdmp |
String found in binary or memory: https://doc-08-6k-docs.googleusercontent.com/F |
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.107766618786.0000000001691000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107766583519.0000000001689000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-08-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/q217t7l1 |
Source: CasPol.exe, 00000004.00000002.112528721290.000000000160B000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6 |
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: Transferencia_29_11_2021 17.03.39.exe |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_012AC080 |
4_2_012AC080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_012A4320 |
4_2_012A4320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_012ABA48 |
4_2_012ABA48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_012A3A50 |
4_2_012A3A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_012A1120 |
4_2_012A1120 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_012A3708 |
4_2_012A3708 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_012B0890 |
4_2_012B0890 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_012B6AC8 |
4_2_012B6AC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_015FA350 |
4_2_015FA350 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_015FBB1B |
4_2_015FBB1B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_015F57C8 |
4_2_015F57C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_015F4E60 |
4_2_015F4E60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_015F1D28 |
4_2_015F1D28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_015F41D1 |
4_2_015F41D1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_015F68D8 |
4_2_015F68D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_015F3330 |
4_2_015F3330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_018719B0 |
4_2_018719B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_01878320 |
4_2_01878320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_01872B78 |
4_2_01872B78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_0187DEA0 |
4_2_0187DEA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_01876D10 |
4_2_01876D10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_0187D120 |
4_2_0187D120 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_01871157 |
4_2_01871157 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_0187A4C8 |
4_2_0187A4C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_01870040 |
4_2_01870040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_1E3C5E08 |
4_2_1E3C5E08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_1E3C46C4 |
4_2_1E3C46C4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_1E3C5D41 |
4_2_1E3C5D41 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_1E3C6AF1 |
4_2_1E3C6AF1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_21576428 |
4_2_21576428 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_21578650 |
4_2_21578650 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_21572D7D |
4_2_21572D7D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_21570E00 |
4_2_21570E00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 4_2_2157A4E8 |
4_2_2157A4E8 |
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797341838.0000000002CD0000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLL |
Source: CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1V_BC3ORZYO_CJEEMMYBVYNAV_UOPMTL6 |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797341838.0000000002CD0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107795131287.0000000000574000.00000004.00000020.sdmp |
Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6 |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: vmicshutdown |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797341838.0000000002CD0000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll |
Source: CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAWU:Z |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: vmicvss |
Source: CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797341838.0000000002CD0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: CasPol.exe, 00000004.00000002.112528721290.000000000160B000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW8Zh |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107795131287.0000000000574000.00000004.00000020.sdmp |
Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp |
Binary or memory string: vmicheartbeat |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |