Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.pdb source: CasPol.exe, 0000000B.00000002.1880395156.0000000036380000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.ni.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: @cn.pdb source: CasPol.exe, 0000000B.00000002.1875353906.0000000033F87000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdbRSDS source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: mscorlib.pdb| source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: Microsoft.VisualBasic.pdb)Q source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.0.dr |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb8+N+ @+_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.0.dr |
Source: | Binary string: System.Reflection.TypeExtensions.ni.pdb source: System.Reflection.TypeExtensions.dll.0.dr |
Source: | Binary string: C:\Windows\caspol.pdbpdbpol.pdb source: CasPol.exe, 0000000B.00000002.1880395156.0000000036380000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: \??\C:\Windows\exe\caspol.pdby33o source: CasPol.exe, 0000000B.00000002.1880395156.0000000036380000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\caspol.pdb source: CasPol.exe, 0000000B.00000002.1859898012.0000000003AEF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: \??\C:\Windows\symbols\exe\caspol.pdbd source: CasPol.exe, 0000000B.00000002.1859898012.0000000003AEF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: System.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: System.Xml.ni.pdbRSDS# source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: ;6##.pdb source: CasPol.exe, 0000000B.00000002.1875353906.0000000033F87000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.VisualBasic.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: System.Core.ni.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: System.Windows.Forms.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: mscorlib.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: mscorlib.ni.pdbRSDSrMV9 source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.pdbGhY source: CasPol.exe, 0000000B.00000002.1880395156.0000000036380000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Windows.Forms.pdbp source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: mscorlib.ni.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: bwcaspol.PDB 8: source: CasPol.exe, 0000000B.00000002.1875353906.0000000033F87000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: caspol.pdb source: CasPol.exe, 0000000B.00000002.1880395156.0000000036380000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Core.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\net6.0-Release\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.0.dr |
Source: | Binary string: System.Configuration.ni.pdbRSDScUN source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: \??\C:\Windows\caspol.pdb source: CasPol.exe, 0000000B.00000002.1880395156.0000000036380000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ?cnC:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.pdb source: CasPol.exe, 0000000B.00000002.1875353906.0000000033F87000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.PDBFiV source: CasPol.exe, 0000000B.00000002.1880395156.0000000036380000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdb source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: System.pdbSystem.Core.dll source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: 3symbols\exe\caspol.pdb source: CasPol.exe, 0000000B.00000002.1875353906.0000000033F87000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: 96HPWn,C:\Windows\caspol.pdb source: CasPol.exe, 0000000B.00000002.1875353906.0000000033F87000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER2B2E.tmp.dmp.15.dr |
Source: | Binary string: caspol.pdbcaspol.pdbpdbpol.pdb\v4.0.30319\caspol.pdbp source: CasPol.exe, 0000000B.00000002.1875353906.0000000033F87000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\exe\caspol.pdb source: CasPol.exe, 0000000B.00000002.1880395156.0000000036380000.00000004.00000020.00020000.00000000.sdmp |
Source: CasPol.exe, 0000000B.00000002.1876903989.00000000342A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com |
Source: CasPol.exe, 0000000B.00000002.1876903989.0000000034291000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1876903989.00000000342A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org |
Source: CasPol.exe, 0000000B.00000002.1876903989.00000000341E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/ |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/licenses/by-sa/4.0/ |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns# |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#Attribution |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#DerivativeWorks |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#Distribution |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#Notice |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#Reproduction |
Source: battery-level-90-charging-symbolic.svg.0.dr | String found in binary or memory: http://creativecommons.org/ns#ShareAlike |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://crl.certum.pl/ctnca.crl0k |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o |
Source: CasPol.exe, 0000000B.00000003.1385137269.0000000003A94000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: CasPol.exe, 0000000B.00000003.1385137269.0000000003A94000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.1389269538.0000000003AAA000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1859898012.0000000003AA9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://repository.certum.pl/ctnca.cer09 |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://repository.certum.pl/ctnca2.cer09 |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0 |
Source: CasPol.exe, 0000000B.00000002.1876903989.00000000341E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://subca.ocsp-certum.com01 |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://subca.ocsp-certum.com02 |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://subca.ocsp-certum.com05 |
Source: Amcache.hve.LOG1.15.dr, Amcache.hve.15.dr | String found in binary or memory: http://upx.sf.net |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe | String found in binary or memory: http://www.certum.pl/CPS0 |
Source: CasPol.exe, 0000000B.00000003.1385137269.0000000003AC6000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.1385837889.0000000003AD9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external |
Source: CasPol.exe, 0000000B.00000002.1859898012.0000000003A59000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.1389269538.0000000003AC0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://doc-0s-a8-docs.googleusercontent.com/ |
Source: CasPol.exe, 0000000B.00000002.1859898012.0000000003A59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://doc-0s-a8-docs.googleusercontent.com/# |
Source: CasPol.exe, 0000000B.00000003.1385137269.0000000003AC6000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1859898012.0000000003A90000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.1389269538.0000000003A90000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.1385837889.0000000003AD9000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1859898012.0000000003A78000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://doc-0s-a8-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mjejjps3 |
Source: CasPol.exe, 0000000B.00000002.1859898012.0000000003A1B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/2 |
Source: CasPol.exe, 0000000B.00000002.1859898012.0000000003A1B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/j |
Source: CasPol.exe, 0000000B.00000002.1859898012.0000000003A59000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1859898012.0000000003A1B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1XARcr4sm_5_dvnsnsVtsDOfjHfua_08k |
Source: CasPol.exe, 0000000B.00000002.1859898012.0000000003A1B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1XARcr4sm_5_dvnsnsVtsDOfjHfua_08kQ |
Source: CasPol.exe, 0000000B.00000002.1859898012.0000000003A59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1XARcr4sm_5_dvnsnsVtsDOfjHfua_08ktsv |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1411917018.0000000000789000.00000004.00000001.01000000.00000003.sdmp, System.Reflection.Primitives.dll.0.dr, System.Reflection.TypeExtensions.dll.0.dr | String found in binary or memory: https://github.com/dotnet/runtime |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1411917018.0000000000789000.00000004.00000001.01000000.00000003.sdmp, System.Reflection.TypeExtensions.dll.0.dr | String found in binary or memory: https://github.com/dotnet/runtimeBSJB |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_00405402 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_00403350 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_00404C3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_341934F2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_34196DDF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_34194858 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_341920D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_341962EF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_34196300 |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_10002DE0 push eax; ret |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B4C0D push edi; iretd |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B4C15 push edi; iretd |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B5A6C push cs; ret |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B2072 push FFFFFF83h; retf |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B7C71 push es; iretd |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B4BAE push edi; iretd |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B4BC1 push edi; iretd |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B71FA push esi; ret |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B7DFA pushfd ; retf |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B4B26 push eax; retf |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Code function: 0_2_048B0D3A pushad ; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC7C71 push es; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC2072 push FFFFFF83h; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC5A6C push cs; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC4C15 push edi; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC4C0D push edi; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC71FA push esi; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC7DFA pushfd ; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC4BC1 push edi; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC4BAE push edi; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC0D3A pushad ; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 11_2_00FC4B26 push eax; retf |
Source: C:\Users\user\Desktop\rFACTURA_FAC_2023_1-1000733.PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1463555266.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1463555266.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicshutdown |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1463555266.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1463555266.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1463555266.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Time Synchronization Service |
Source: CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicvss |
Source: CasPol.exe, 0000000B.00000002.1859898012.0000000003A1B000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1859898012.0000000003A78000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.15.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1414281617.0000000000B58000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exea |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1463555266.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Data Exchange Service |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1414281617.0000000000B58000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe0 |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1463555266.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Heartbeat Service |
Source: rFACTURA_FAC_2023_1-1000733.PDF.exe, 00000000.00000002.1463555266.0000000010059000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Service Interface |
Source: CasPol.exe, 0000000B.00000002.1862719819.00000000053F9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicheartbeat |