Source: unknown | TCP traffic detected without corresponding DNS query: 141.98.6.239 |
Source: CasPol.exe, 00000009.00000002.44517603260.000000001D981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: CasPol.exe, 00000009.00000002.44498847642.00000000014D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://141.98.6.239/zeaveZtePRlRbWLesj75.dwp |
Source: CasPol.exe, 00000009.00000002.44498847642.00000000014D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://141.98.6.239/zeaveZtePRlRbWLesj75.dwplh |
Source: CasPol.exe, 00000009.00000002.44517603260.000000001D981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi |
Source: CasPol.exe, 00000009.00000002.44517603260.000000001D981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://FvewWS.com |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: CasPol.exe, 00000009.00000002.44498847642.00000000014D6000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519232973.000000001DA9D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44529629703.0000000020F90000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519910229.000000001DB05000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: CasPol.exe, 00000009.00000002.44519232973.000000001DA9D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44529629703.0000000020F90000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519910229.000000001DB05000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: CasPol.exe, 00000009.00000002.44519232973.000000001DA9D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44529629703.0000000020F90000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519910229.000000001DB05000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0 |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0 |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0b |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://crl.globalsign.com/root.crl0G |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: CasPol.exe, 00000009.00000002.44519232973.000000001DA9D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519910229.000000001DB05000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.merian.com.ar |
Source: CasPol.exe, 00000009.00000002.44519232973.000000001DA9D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519910229.000000001DB05000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://merian.com.ar |
Source: Ordene 501527,pdf.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: CasPol.exe, 00000009.00000002.44498847642.00000000014D6000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519232973.000000001DA9D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44529629703.0000000020F90000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519910229.000000001DB05000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://ocsp.digicert.com0C |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://ocsp.digicert.com0O |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://ocsp.globalsign.com/rootr103 |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://ocsp2.globalsign.com/rootr306 |
Source: Ordene 501527,pdf.exe | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: Ordene 501527,pdf.exe | String found in binary or memory: http://s.symcd.com06 |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0 |
Source: Ordene 501527,pdf.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: Ordene 501527,pdf.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: Ordene 501527,pdf.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: CasPol.exe, 00000009.00000002.44517603260.000000001D981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org%appdata |
Source: CasPol.exe, 00000009.00000002.44517603260.000000001D981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org%t- |
Source: Ordene 501527,pdf.exe | String found in binary or memory: https://d.symcb.com/cps0% |
Source: Ordene 501527,pdf.exe | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: Ordene 501527,pdf.exe | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: CasPol.exe, 00000009.00000002.44518397705.000000001DA13000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44517603260.000000001D981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ |
Source: CasPol.exe, 00000009.00000002.44518397705.000000001DA13000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com// |
Source: CasPol.exe, 00000009.00000002.44518397705.000000001DA13000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/https://login.live.com/ |
Source: CasPol.exe, 00000009.00000002.44518397705.000000001DA13000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/v104 |
Source: CasPol.exe, 00000009.00000002.44518958056.000000001DA75000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000003.40043700714.000000001C831000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519232973.000000001DA9D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519545264.000000001DAD1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://rwUCPncwlnlg0H1LG.net |
Source: CasPol.exe, 00000009.00000002.44518958056.000000001DA75000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://rwUCPncwlnlg0H1LG.nett- |
Source: CasPol.exe, 00000009.00000002.44529629703.0000000020F90000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://sectigo.com |
Source: CasPol.exe, 00000009.00000002.44519232973.000000001DA9D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44529629703.0000000020F90000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44519910229.000000001DB05000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://sectigo.com/CPS0 |
Source: CasPol.exe, 00000009.00000002.44518397705.000000001DA13000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: FanControlWrapper.dll.1.dr | String found in binary or memory: https://www.globalsign.com/repository/0 |
Source: CasPol.exe, 00000009.00000002.44517603260.000000001D981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4 |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Perciform |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Perciform\Selskabelig |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Perciform\Selskabelig\Hjemmeopgaven |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Perciform\Selskabelig\Hjemmeopgaven\vrkstedsbygninger |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Perciform\Selskabelig\Hjemmeopgaven\vrkstedsbygninger\Ricciaceae185.Inc |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Kvalitative209 |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Kvalitative209\FanControlWrapper.dll |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Kvalitative209\Microsoft.Office.Tools.Common.v9.0.dll |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Kvalitative209\edit-cut-symbolic.svg |
Source: C:\Users\user\Desktop\Ordene 501527,pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\flex\flex.exe | Process information set: NOOPENFILEERRORBOX |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicshutdown |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990362848.00000000038B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoKERNELBASE.DLLshell32advapi32TEMP=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dll |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Time Synchronization Service |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicvss |
Source: CasPol.exe, 00000009.00000002.44498257269.0000000001498000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000009.00000002.44499138063.00000000014F8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990362848.00000000038B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Data Exchange Service |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39988097728.0000000000928000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exep |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Heartbeat Service |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39988097728.0000000000928000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Service Interface |
Source: Ordene 501527,pdf.exe, 00000001.00000002.39990823877.0000000010059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicheartbeat |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\flex\flex.exe | Queries volume information: C:\Users\user\AppData\Roaming\flex\flex.exe VolumeInformation |