Source: CasPol.exe, 0000000A.00000002.767841057.0000000002881000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: CasPol.exe, 0000000A.00000002.767841057.0000000002881000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi |
Source: CasPol.exe, 0000000A.00000003.409423403.000000000592A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000A.00000002.779812564.000000000592A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000A.00000003.399211019.000000000590A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: CasPol.exe, 0000000A.00000002.772635350.0000000002B66000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000A.00000002.772655142.0000000002B6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ftp.electrobist.com |
Source: CasPol.exe, 0000000A.00000002.767841057.0000000002881000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: CasPol.exe, 0000000A.00000002.767841057.0000000002881000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://xgrPBN.com |
Source: CasPol.exe, 0000000A.00000002.767841057.0000000002881000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org |
Source: CasPol.exe, 0000000A.00000002.767841057.0000000002881000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: CasPol.exe, 0000000A.00000002.767841057.0000000002881000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.orgftp://ftp.electrobist.comuser1 |
Source: CasPol.exe, 0000000A.00000002.768390327.00000000028D4000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000A.00000002.772635350.0000000002B66000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://eyUBHCqVhczCNfHAY6U.org |
Source: CasPol.exe, 0000000A.00000002.767841057.0000000002881000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www |
Source: 10.0.CasPol.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 10.0.CasPol.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 0000000A.00000000.345984518.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: Process Memory Space: CasPol.exe PID: 688, type: MEMORYSTR |
Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_023FFC48 |
10_2_023FFC48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_023F6D20 |
10_2_023F6D20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05DF9708 |
10_2_05DF9708 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05DFF2A0 |
10_2_05DFF2A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05DFBE50 |
10_2_05DFBE50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05DFB4E0 |
10_2_05DFB4E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05DF84B8 |
10_2_05DF84B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05DF8408 |
10_2_05DF8408 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05DFD9A8 |
10_2_05DFD9A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05E90480 |
10_2_05E90480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05E92170 |
10_2_05E92170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05E9BC40 |
10_2_05E9BC40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05E95F40 |
10_2_05E95F40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05E929C8 |
10_2_05E929C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05E92020 |
10_2_05E92020 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05E9CA68 |
10_2_05E9CA68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EE3D4C |
10_2_05EE3D4C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EE372C |
10_2_05EE372C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EE5668 |
10_2_05EE5668 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EEC1E0 |
10_2_05EEC1E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EE0040 |
10_2_05EE0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EEC054 |
10_2_05EEC054 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EE33E4 |
10_2_05EE33E4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EED3A0 |
10_2_05EED3A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EE8B28 |
10_2_05EE8B28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05EE3730 |
10_2_05EE3730 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 10_2_05E93958 |
10_2_05E93958 |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Code function: 11_2_01130958 |
11_2_01130958 |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Code function: 13_2_00C00958 |
13_2_00C00958 |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe |
Queries volume information: C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Queries volume information: C:\Users\user\AppData\Roaming\newapp\newapp.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\newapp\newapp.exe |
Queries volume information: C:\Users\user\AppData\Roaming\newapp\newapp.exe VolumeInformation |
Jump to behavior |