Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.pdb source: CasPol.exe, 00000005.00000002.2497690963.0000000036968000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: @{n.pdb source: CasPol.exe, 00000005.00000002.2493152343.0000000034667000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.ni.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: System.ni.pdbRSDS source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: f4symbols\exe\caspol.pdb source: CasPol.exe, 00000005.00000002.2493152343.0000000034667000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: caspol.pdbcaspol.pdbpdbpol.pdb\v4.0.30319\caspol.pdb source: CasPol.exe, 00000005.00000002.2493152343.0000000034667000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.0.dr |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb8+N+ @+_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.0.dr |
Source: | Binary string: System.Reflection.TypeExtensions.ni.pdb source: System.Reflection.TypeExtensions.dll.0.dr |
Source: | Binary string: C:\Windows\caspol.pdbpdbpol.pdb source: CasPol.exe, 00000005.00000002.2497690963.0000000036968000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.pdbb source: CasPol.exe, 00000005.00000002.2497690963.0000000036968000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: caspol.pdbR/ source: CasPol.exe, 00000005.00000002.2497690963.0000000036968000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: ?{nC:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.pdb source: CasPol.exe, 00000005.00000002.2493152343.0000000034667000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: 6HPon,C:\Windows\caspol.pdb source: CasPol.exe, 00000005.00000002.2493152343.0000000034667000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\caspol.pdb source: CasPol.exe, 00000005.00000002.2476781418.0000000004134000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\caspol.pdbc source: CasPol.exe, 00000005.00000002.2476781418.0000000004134000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: System.Windows.Forms.pdb4v?t4v?t source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: System.Xml.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: ##.pdb source: CasPol.exe, 00000005.00000002.2493152343.0000000034667000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: System.Xml.ni.pdbRSDS# source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: System.Core.ni.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: Microsoft.VisualBasic.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: System.pdbTLIs source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: System.Windows.Forms.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: caspol.pdbloopback_0 source: CasPol.exe, 00000005.00000002.2497690963.0000000036968000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: mscorlib.ni.pdbRSDSrMV9 source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: mscorlib.ni.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: caspol.pdb source: CasPol.exe, 00000005.00000002.2476781418.0000000004134000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Core.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: \??\C:\Windows\caspol.pdb0 source: CasPol.exe, 00000005.00000002.2497690963.0000000036968000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.PDB5 source: CasPol.exe, 00000005.00000002.2497690963.0000000036968000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\net6.0-Release\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.0.dr |
Source: | Binary string: System.Configuration.ni.pdbRSDScUN source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: \??\C:\Windows\caspol.pdb source: CasPol.exe, 00000005.00000002.2497690963.0000000036968000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.pdb@ source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: wcaspol.PDB 8 source: CasPol.exe, 00000005.00000002.2493152343.0000000034667000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdb source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER3F32.tmp.dmp.9.dr |
Source: | Binary string: \??\C:\Windows\exe\caspol.pdb source: CasPol.exe, 00000005.00000002.2497690963.0000000036968000.00000004.00000020.00020000.00000000.sdmp |
Source: CasPol.exe, 00000005.00000002.2494898818.000000003497D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com |
Source: CasPol.exe, 00000005.00000002.2494898818.000000003497D000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2494898818.0000000034966000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org |
Source: CasPol.exe, 00000005.00000002.2494898818.00000000348C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/ |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/licenses/by-sa/4.0/ |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns# |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#Attribution |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#DerivativeWorks |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#Distribution |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#Notice |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#Reproduction |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#ShareAlike |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://crl.certum.pl/ctnca.crl0k |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o |
Source: CasPol.exe, 00000005.00000003.2000934593.00000000040FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: CasPol.exe, 00000005.00000003.2000934593.00000000040FE000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2476781418.000000000410B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://repository.certum.pl/ctnca.cer09 |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://repository.certum.pl/ctnca2.cer09 |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0 |
Source: CasPol.exe, 00000005.00000002.2494898818.00000000348C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://subca.ocsp-certum.com01 |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://subca.ocsp-certum.com02 |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://subca.ocsp-certum.com05 |
Source: Amcache.hve.LOG1.9.dr, Amcache.hve.9.dr | String found in binary or memory: http://upx.sf.net |
Source: rAEAT-AvisodeNotificaci__n.exe | String found in binary or memory: http://www.certum.pl/CPS0 |
Source: CasPol.exe, 00000005.00000002.2476781418.00000000040C7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://doc-08-as-docs.googleusercontent.com/ |
Source: CasPol.exe, 00000005.00000003.2000934593.00000000040FE000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000003.2005562805.0000000004134000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2476781418.0000000004134000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2476781418.00000000040C7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://doc-08-as-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/19pk727c |
Source: CasPol.exe, 00000005.00000002.2476781418.000000000406B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/ |
Source: CasPol.exe, 00000005.00000002.2476781418.000000000406B000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2492021767.0000000033910000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1z2zMikfPb67TZJIo_lB5FRH6cO_UKsr4 |
Source: CasPol.exe, 00000005.00000002.2476781418.000000000406B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1z2zMikfPb67TZJIo_lB5FRH6cO_UKsr4m |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2027970951.0000000000789000.00000004.00000001.01000000.00000003.sdmp, System.Reflection.Primitives.dll.0.dr, System.Reflection.TypeExtensions.dll.0.dr | String found in binary or memory: https://github.com/dotnet/runtime |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2027970951.0000000000789000.00000004.00000001.01000000.00000003.sdmp, System.Reflection.TypeExtensions.dll.0.dr | String found in binary or memory: https://github.com/dotnet/runtimeBSJB |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_00405402 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_00403350 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_10002DE0 push eax; ret |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C508C push bx; retf |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C828D push BC5D77DBh; iretd |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C6497 push es; retf |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C5AB1 push es; iretd |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C7AC5 push eax; iretd |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C50EC push bx; retf |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C68E7 push es; iretd |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C50F5 push bx; retf |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C6409 push es; retf |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C81D4 push cs; iretd |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C81E3 push cs; retf |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C572D push ecx; iretd |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_048C8343 push 6F430E00h; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F350F5 push bx; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F368E7 push es; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F350EC push bx; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F37AC5 push eax; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F35AB1 push es; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F36497 push es; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F3828D push BC5D77DBh; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F3508C push bx; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F36409 push es; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F381E3 push cs; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F381D4 push cs; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F38343 push 6F430E00h; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 5_2_00F3572D push ecx; iretd |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2083714063.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2083714063.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicshutdown |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2083714063.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2083714063.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2029819324.0000000000B38000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe0^ |
Source: CasPol.exe, 00000005.00000002.2476781418.000000000406B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW@U |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2083714063.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Time Synchronization Service |
Source: CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicvss |
Source: CasPol.exe, 00000005.00000002.2476781418.00000000040C7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.9.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: CasPol.exe, 00000005.00000002.2476781418.00000000040C7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWt` |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2083714063.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Data Exchange Service |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2083714063.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Heartbeat Service |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2083714063.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Service Interface |
Source: rAEAT-AvisodeNotificaci__n.exe, 00000000.00000002.2029819324.0000000000B38000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: CasPol.exe, 00000005.00000002.2479913570.0000000005A49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicheartbeat |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_00403D1B SetWindowPos,ShowWindow,DestroyWindow,SetWindowLongW,GetDlgItem,SendMessageW,IsWindowEnabled,LdrInitializeThunk,SendMessageW,GetDlgItem,GetDlgItem,GetDlgItem,SetClassLongW,SendMessageW,LdrInitializeThunk,GetDlgItem,ShowWindow,KiUserCallbackDispatcher,EnableWindow,GetSystemMenu,EnableMenuItem,SendMessageW,SendMessageW,SendMessageW,lstrlenW,SetWindowTextW,DestroyWindow,CreateDialogParamW,GetDlgItem,GetWindowRect,ScreenToClient,SetWindowPos,ShowWindow,DestroyWindow,EndDialog,ShowWindow, |
Source: C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe | Code function: 0_2_00403350 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |