Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi |
Source: CasPol.exe, 00000004.00000002.39283527029.000000001DB4C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://api.telegram.org |
Source: CasPol.exe, 00000004.00000003.34615691496.0000000001521000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39259342233.000000000151A000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.34611069380.0000000001521000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.34610499874.0000000001521000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: CasPol.exe, 00000004.00000003.34615691496.0000000001521000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39259342233.000000000151A000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.34611069380.0000000001521000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.34610499874.0000000001521000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: CasPol.exe, 00000004.00000002.39283433304.000000001DB37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://yCCtaB.com |
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39283362097.000000001DB2F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://Yp7sE2ZThKzSHqA.com |
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org%%startupfolder% |
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org%t- |
Source: CasPol.exe, 00000004.00000002.39283433304.000000001DB37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org |
Source: CasPol.exe, 00000004.00000002.39259342233.000000000151A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/ |
Source: CasPol.exe, 00000004.00000002.39283433304.000000001DB37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot5362707045:AAGBjkYF97cvI4xaEhJ1OrouiqS3umCPqqA/sendDocument |
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot5362707045:AAGBjkYF97cvI4xaEhJ1OrouiqS3umCPqqA/sendDocumentdocument----- |
Source: CasPol.exe, 00000004.00000003.34615691496.0000000001521000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://doc-04-bk-docs.googleusercontent.com/ |
Source: CasPol.exe, 00000004.00000002.39258953296.00000000014E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://doc-04-bk-docs.googleusercontent.com/R |
Source: CasPol.exe, 00000004.00000002.39258953296.00000000014E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://doc-04-bk-docs.googleusercontent.com/_ |
Source: CasPol.exe, 00000004.00000003.34615691496.0000000001521000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39259342233.000000000151A000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.34611069380.0000000001521000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000003.34610499874.0000000001521000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://doc-04-bk-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3q810s3j |
Source: CasPol.exe, 00000004.00000002.39258621414.000000000149B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/ |
Source: CasPol.exe, 00000004.00000002.39258621414.000000000149B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/5s( |
Source: CasPol.exe, 00000004.00000002.39258621414.000000000149B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1o9xcx-d3Bxjd3qTkG604DI9J3fWxwqqB |
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www |
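Added example (not part of the sandbox report and not the sample's own code): a small Python triage script that parses lines in the "String found in binary or memory" format above and pulls out the network indicators an analyst would act on: the hosts, the Telegram bot token embedded in the sendDocument URL, and the Google Drive file id in the uc?export=download URL. The sample lines are copied from the report with the long memory-region suffixes shortened; the allowlist of certificate-revocation and installer hosts and the bucket names are my own assumptions.

```python
"""Pull network indicators out of sandbox 'String found in binary or memory' lines."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the report above, memory-region suffixes shortened.
SAMPLE_LINES = """\
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: CasPol.exe, 00000004.00000002.39283433304.000000001DB37000.sdmp | String found in binary or memory: https://api.telegram.org/bot5362707045:AAGBjkYF97cvI4xaEhJ1OrouiqS3umCPqqA/sendDocument
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.sdmp | String found in binary or memory: https://api.ipify.org%%startupfolder%
Source: CasPol.exe, 00000004.00000002.39258621414.000000000149B000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1o9xcx-d3Bxjd3qTkG604DI9J3fWxwqqB
Source: CasPol.exe, 00000004.00000003.34615691496.0000000001521000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: CasPol.exe, 00000004.00000002.39282146178.000000001DA11000.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www
"""

LINE_RE = re.compile(r"^Source: (?P<source>.+?) \| String found in binary or memory: (?P<string>.+)$")
# Memory strings are often several literals run together ("...ziphttps://www"); split where a new scheme begins.
URL_START_RE = re.compile(r"(?=https?://)")
HOST_RE = re.compile(r"^https?://(?P<host>[A-Za-z0-9.-]+)")
TELEGRAM_TOKEN_RE = re.compile(r"/bot(?P<token>\d+:[A-Za-z0-9_-]{20,})")
GDRIVE_ID_RE = re.compile(r"[?&]id=(?P<id>[A-Za-z0-9_-]+)")

# Assumption: hosts that appear in the memory of signed binaries and NSIS installers as a matter of course.
BENIGN_HOSTS = (".comodoca.com", ".globalsign.net", "nsis.sf.net", "schemas.xmlsoap.org")


def parse_string_lines(text):
    """Yield (source, string) for every well-formed report line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("source"), m.group("string")


def is_benign_host(host):
    return any(host == h or host.endswith(h) for h in BENIGN_HOSTS)


def extract_indicators(text):
    """Return hosts, Telegram bot tokens and Google Drive file ids found in the report text."""
    tokens, drive_ids, benign, suspect = set(), set(), set(), set()
    raw_by_host = defaultdict(list)
    for source, string in parse_string_lines(text):
        for fragment in URL_START_RE.split(string):
            m = HOST_RE.match(fragment)
            if not m:
                continue
            host = m.group("host").lower().rstrip(".")
            if "." not in host:
                continue  # truncated fragment such as "https://www"; nothing actionable
            raw_by_host[host].append((source.split(",")[0], fragment))
            if is_benign_host(host):
                benign.add(host)
                continue
            suspect.add(host)
            if host == "api.telegram.org":
                t = TELEGRAM_TOKEN_RE.search(fragment)
                if t:
                    tokens.add(t.group("token"))
            elif host == "drive.google.com":
                g = GDRIVE_ID_RE.search(fragment)
                if g:
                    drive_ids.add(g.group("id"))
    return {
        "telegram_bot_tokens": sorted(tokens),
        "gdrive_file_ids": sorted(drive_ids),
        "benign_hosts": sorted(benign),
        "suspect_hosts": sorted(suspect),
        "raw_by_host": dict(raw_by_host),
    }


if __name__ == "__main__":
    result = extract_indicators(SAMPLE_LINES)
    for key in ("suspect_hosts", "benign_hosts", "telegram_bot_tokens", "gdrive_file_ids"):
        print(f"{key}: {result[key]}")
```

Memory strings carry whatever bytes sat next to them (the `06` after `.crl`, the `%%startupfolder%` after ipify, the `https://www` fused onto the Tor zip URL), so the host is the stable indicator and the raw fragment is kept only for context. The bot token and file id are the two values that identify attacker-controlled resources on shared infrastructure; they belong in an abuse report to the respective service, not in a live request from the analyst's machine.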
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_0040755C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_00406D85 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_71751BFF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A164A5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A15C99 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A2366D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A173FA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A155C1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A24F24 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A254A6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A186A5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A19A80 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A18C91 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A18C97 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A0ED |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A20EF4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A2C3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A19AD4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A174DA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1D4DC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A2483A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A18238 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A03D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A207 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1480F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A21010 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A41D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A17C64 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1946F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A473 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A07C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A19A49 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1885D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A25BA4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A25FB7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A193B9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1CD83 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1DB87 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A38F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A18B93 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A19B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A147E3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A189E5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A18BF7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A199C9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A187DD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A528 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A18B2D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A24301 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A25904 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1A50E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A18715 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1896D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A28153 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A17756 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_1D826B62 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_1D82A160 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_1D829890 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_1D829548 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_20980040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_20986078 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_2098DA18 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_20985E58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_20987250 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_209ECD08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_209E1070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_209EDFF4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_717530C0 push eax; ret |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1AAE1 pushad ; iretd |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A14C30 push ebx; iretd |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1B63A push 155B0F6Bh; ret |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1B261 push ebp; ret |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A14BF3 push ebx; iretd |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A16322 push 26E9F687h; retn 0000h |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A24301 push CA145685h; retf 77CCh |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A14D17 push ebx; iretd |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A15F4C push ecx; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_01113DD4 push FFFFFFB9h; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_01113DF9 push FFFFFFB9h; retf |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34640199629.0000000004699000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34640199629.0000000004699000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicshutdown |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34640199629.0000000004699000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34640199629.0000000004699000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34639859146.0000000002B01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dll |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34640199629.0000000004699000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Time Synchronization Service |
Source: CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicvss |
Source: CasPol.exe, 00000004.00000002.39259082655.00000000014F7000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39258621414.000000000149B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34639859146.0000000002B01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34640199629.0000000004699000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Data Exchange Service |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34640199629.0000000004699000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Heartbeat Service |
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34640199629.0000000004699000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Service Interface |
Source: CasPol.exe, 00000004.00000002.39260591348.0000000003069000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicheartbeat |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A186A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A24AAA mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1D4DC mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A20E4B mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A241B0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A25FB7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1CD83 mov eax, dword ptr fs:[00000030h] |
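Added example (not from the report): a classifier that maps the "Code function", "Binary or memory string" and "Process information set" lines above to coarse behaviour tags: fs:[30h] reads (PEB access, the usual base for manual API resolution and BeingDebugged checks), push/ret and push/iretd sequences (control-flow obfuscation), the Hyper-V integration-service names and the qemu-ga path (virtualisation checks), the OpenProcessToken/AdjustTokenPrivileges/ExitWindowsEx chain in the NSIS stub, and the dropper memory string that names caspol.exe before CasPol.exe is seen running the payload. The tag names and the interpretation attached to each pattern are my assumptions; the sample lines are copied from the report with memory-region suffixes shortened.

```python
"""Tag sandbox report lines with the evasion / capability behaviours they evidence."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the report above, memory-region suffixes shortened.
SAMPLE_REPORT = r"""
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A186A5 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1CD83 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1AAE1 pushad ; iretd
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_02A1B63A push 155B0F6Bh; ret
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4_2_01113DD4 push FFFFFFB9h; retf
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe | Code function: 1_2_0040352D EntryPoint,SetErrorMode,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34640199629.0000000004699000.sdmp, CasPol.exe, 00000004.00000002.39260591348.0000000003069000.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service
Source: CasPol.exe, 00000004.00000002.39260591348.0000000003069000.sdmp | Binary or memory string: vmicshutdown
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34639859146.0000000002B01000.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, 00000001.00000002.34639859146.0000000002B01000.sdmp | Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exewindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
"""

LINE_RE = re.compile(r"^Source: (?P<source>.+?) \| (?P<kind>[^:|]+): (?P<value>.*)$")
PEB_RE = re.compile(r"fs:\[0*30h\]", re.I)                       # mov eax, fs:[30h] = PEB pointer
PUSH_RET_RE = re.compile(r"\bpush(?:ad)?\b.*;\s*(?:ret[nf]?|iretd)\b", re.I)
HYPERV_SERVICES = {"vmicshutdown", "vmicvss", "vmicheartbeat"}   # Hyper-V integration service names


def parse_report_lines(text):
    """Yield (source, kind, value) for every well-formed report line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("source"), m.group("kind"), m.group("value")


def processes_in(source):
    """All process image names named in a Source field (paths or 'name, region' pairs)."""
    procs = []
    for chunk in source.split(", "):
        chunk = chunk.strip()
        if chunk.lower().endswith(".exe"):
            procs.append(chunk.replace("/", "\\").rsplit("\\", 1)[-1])
    return procs


def tags_for(kind, value, procs):
    """Assumption: my own mapping from report patterns to behaviour tags."""
    tags = set()
    if kind == "Code function":
        if PEB_RE.search(value):
            tags.add("peb-access")
        if PUSH_RET_RE.search(value):
            tags.add("push-ret-control-flow")
        if "AdjustTokenPrivileges" in value:
            tags.add("token-privilege-adjust")
        if "ExitWindowsEx" in value:
            tags.add("shutdown-reboot-capability")
    elif kind == "Binary or memory string":
        if value.startswith("Hyper-V") or value in HYPERV_SERVICES or "qemu-ga" in value.lower():
            tags.add("virtualization-artifact-lookup")
        # A non-CasPol process holding the CasPol.exe path: candidate injection/hollowing target.
        if "caspol.exe" in value.lower() and "CasPol.exe" not in procs:
            tags.add("references-caspol-host")
    elif kind == "Process information set" and value == "NOOPENFILEERRORBOX":
        tags.add("seterrormode-noopenfileerrorbox")
    return tags


def triage(text):
    """Return {tag: {"hits": n, "processes": [...]}} over the whole report text."""
    hits = defaultdict(int)
    procs_by_tag = defaultdict(set)
    for source, kind, value in parse_report_lines(text):
        procs = processes_in(source)
        for tag in tags_for(kind, value, procs):
            hits[tag] += 1
            procs_by_tag[tag].update(procs)
    return {tag: {"hits": hits[tag], "processes": sorted(procs_by_tag[tag])} for tag in sorted(hits)}


if __name__ == "__main__":
    for tag, info in triage(SAMPLE_REPORT).items():
        print(f"{tag:32} hits={info['hits']:<3} processes={info['processes']}")
```

Counting hits per tag is what turns the eighty identical NOOPENFILEERRORBOX lines into one low-signal fact, while the per-process view separates the NSIS stub's own behaviour (token adjust, reboot capability) from what the payload does once it runs inside CasPol.exe (VM service lookups, Telegram exfil). The caspol.exe reference in the dropper's memory is the link between the two.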
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |