Source: CasPol.exe, 00000001.00000002.819488007.0000000003151000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: CasPol.exe, 00000001.00000002.819488007.0000000003151000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi |
Source: CasPol.exe, 00000001.00000002.819488007.0000000003151000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://TcwLAp.com |
Source: CasPol.exe, 00000001.00000002.824168793.00000000034D8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://api.telegram.org |
Source: CasPol.exe, 00000001.00000002.829202853.000000000634E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: CasPol.exe, 00000001.00000002.824079455.00000000034C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: CasPol.exe, 00000001.00000002.819488007.0000000003151000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.824168793.00000000034D8000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.823692783.0000000003476000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://FZsMKmQQms.net |
Source: CasPol.exe, 00000001.00000002.824079455.00000000034C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: CasPol.exe, 00000001.00000002.819488007.0000000003151000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/ |
Source: CasPol.exe, 00000001.00000002.819488007.0000000003151000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/1504449137%discordapi%yyy |
Source: CasPol.exe, 00000001.00000002.824079455.00000000034C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/sendDocument |
Source: CasPol.exe, 00000001.00000002.824079455.00000000034C3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org4 |
Source: ?????.sys.0.dr |
String found in binary or memory: https://www.sysinternals.com0 |
Source: CasPol.exe, 00000001.00000002.819488007.0000000003151000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www |
Source: 1.0.CasPol.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.0.CasPol.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000001.00000000.397838302.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: Process Memory Space: CasPol.exe PID: 5312, type: MEMORYSTR |
Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_013DF928 |
1_2_013DF928 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_062276F0 |
1_2_062276F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_0622CF70 |
1_2_0622CF70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_0622A4C0 |
1_2_0622A4C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_06225BC0 |
1_2_06225BC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_0622768E |
1_2_0622768E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_06225A70 |
1_2_06225A70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_0622F2E0 |
1_2_0622F2E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_06223330 |
1_2_06223330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_0623BE8D |
1_2_0623BE8D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_06239330 |
1_2_06239330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_0623AF88 |
1_2_0623AF88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_062355A0 |
1_2_062355A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_06237F80 |
1_2_06237F80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_06235148 |
1_2_06235148 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_06260040 |
1_2_06260040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_06266BA8 |
1_2_06266BA8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Code function: 1_2_06264940 |
1_2_06264940 |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe |
Queries volume information: C:\Users\user\Desktop\BL-SHIPPING DOCUMENTS.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |