Source: CasPol.exe, 00000009.00000002.39558929344.000000001E3C1000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: CasPol.exe, 00000009.00000002.39558929344.000000001E3C1000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: CasPol.exe, 00000009.00000002.39547979743.0000000001508000.00000004.00000020.sdmp, CasPol.exe, 00000009.00000002.39560412992.000000001E4CA000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39548353577.0000000001547000.00000004.00000020.sdmp, CasPol.exe, 00000009.00000002.39566542058.000000002065B000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: CasPol.exe, 00000009.00000003.34898456517.0000000001598000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39548757610.0000000001584000.00000004.00000020.sdmp, CasPol.exe, 00000009.00000003.34903021933.0000000001594000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000003.34897476183.0000000001598000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: CasPol.exe, 00000009.00000002.39560412992.000000001E4CA000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39566542058.000000002065B000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39566707424.0000000020677000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: CasPol.exe, 00000009.00000002.39566283279.000000002062C000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39560412992.000000001E4CA000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39566542058.000000002065B000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0 |
Source: CasPol.exe, 00000009.00000003.34898456517.0000000001598000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39548757610.0000000001584000.00000004.00000020.sdmp, CasPol.exe, 00000009.00000003.34903021933.0000000001594000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000003.34897476183.0000000001598000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: CasPol.exe, 00000009.00000002.39560412992.000000001E4CA000.00000004.00000001.sdmp |
String found in binary or memory: http://furteksdokuma.com.tr |
Source: CasPol.exe, 00000009.00000002.39558929344.000000001E3C1000.00000004.00000001.sdmp |
String found in binary or memory: http://kFWRbv.com |
Source: CasPol.exe, 00000009.00000002.39560412992.000000001E4CA000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.furteksdokuma.com.tr |
Source: CasPol.exe, 00000009.00000002.39547979743.0000000001508000.00000004.00000020.sdmp, CasPol.exe, 00000009.00000002.39566283279.000000002062C000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39560412992.000000001E4CA000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39548353577.0000000001547000.00000004.00000020.sdmp, CasPol.exe, 00000009.00000002.39566542058.000000002065B000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39566707424.0000000020677000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: CasPol.exe, 00000009.00000002.39560192318.000000001E4B4000.00000004.00000001.sdmp |
String found in binary or memory: https://NlNlzv83nsnyVe.org |
Source: CasPol.exe, 00000009.00000002.39560192318.000000001E4B4000.00000004.00000001.sdmp |
String found in binary or memory: https://NlNlzv83nsnyVe.orgt- |
Source: CasPol.exe, 00000009.00000003.34902918897.00000000015D9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000003.34898900637.00000000015DA000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000003.34897886336.00000000015D6000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000003.34897476183.0000000001598000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: CasPol.exe, 00000009.00000003.34902918897.00000000015D9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000003.34898900637.00000000015DA000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000003.34897886336.00000000015D6000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000003.34897476183.0000000001598000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq |
Source: CasPol.exe, 00000009.00000003.34898456517.0000000001598000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000003.34903021933.0000000001594000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39548588362.000000000156E000.00000004.00000020.sdmp |
String found in binary or memory: https://doc-0g-7s-docs.googleusercontent.com/ |
Source: CasPol.exe, 00000009.00000003.34897476183.0000000001598000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-0g-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gp8euu0g |
Source: CasPol.exe, 00000009.00000002.39547979743.0000000001508000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: CasPol.exe, 00000009.00000002.39549397505.00000000016D0000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39548353577.0000000001547000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T |
Source: CasPol.exe, 00000009.00000002.39559729180.000000001E464000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/ |
Source: CasPol.exe, 00000009.00000002.39558929344.000000001E3C1000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com// |
Source: CasPol.exe, 00000009.00000002.39558929344.000000001E3C1000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/https://login.live.com/ |
Source: CasPol.exe, 00000009.00000002.39558929344.000000001E3C1000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/v104 |
Source: CasPol.exe, 00000009.00000002.39566283279.000000002062C000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39560412992.000000001E4CA000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39566542058.000000002065B000.00000004.00000001.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: CasPol.exe, 00000009.00000002.39559729180.000000001E464000.00000004.00000001.sdmp |
String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: CasPol.exe, 00000009.00000002.39558929344.000000001E3C1000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_0040508B pushad ; ret |
1_2_0040509D |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_0040755C push cs; retf |
1_2_0040755D |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_00407179 push esp; iretd |
1_2_00407181 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_00407584 push cs; retf |
1_2_0040755D |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_004085B8 push edx; retf |
1_2_004085B9 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_00406245 push ecx; retf |
1_2_00406249 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_004072E6 push ebp; iretd |
1_2_004072E9 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_004042FC push edx; retf |
1_2_004042FD |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_0040972A push eax; iretd |
1_2_00409745 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_004083D6 pushfd ; iretd |
1_2_00408422 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_03104AD1 push es; iretd |
1_2_03104ADB |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 1_2_031024DF push edx; ret |
1_2_031024E1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 9_2_01A83D0A push eax; retf |
9_2_01A83D51 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: FACTURAS.exe, 00000001.00000002.34928607256.00000000031E9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: FACTURAS.exe, 00000001.00000002.34928607256.00000000031E9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: vmicshutdown |
Source: FACTURAS.exe, 00000001.00000002.34928607256.00000000031E9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: FACTURAS.exe, 00000001.00000002.34928491010.0000000003120000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll |
Source: FACTURAS.exe, 00000001.00000002.34928607256.00000000031E9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: FACTURAS.exe, 00000001.00000002.34928607256.00000000031E9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: vmicvss |
Source: CasPol.exe, 00000009.00000002.39549397505.00000000016D0000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T |
Source: CasPol.exe, 00000009.00000002.39548757610.0000000001584000.00000004.00000020.sdmp, CasPol.exe, 00000009.00000002.39547979743.0000000001508000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW |
Source: FACTURAS.exe, 00000001.00000002.34928491010.0000000003120000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39549397505.00000000016D0000.00000004.00000001.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: FACTURAS.exe, 00000001.00000002.34928607256.00000000031E9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: FACTURAS.exe, 00000001.00000002.34928607256.00000000031E9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: FACTURAS.exe, 00000001.00000002.34928607256.00000000031E9000.00000004.00000001.sdmp, CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: CasPol.exe, 00000009.00000002.39551309400.00000000032B9000.00000004.00000001.sdmp |
Binary or memory string: vmicheartbeat |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |