Source: | Binary string: \??\C:\Windows\mscorlib.pdbJ source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.VisualBasic.ni.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb2 source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdbRSDS source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: pC:\Users\user\Desktop\vsl particulars packing list.PDB source: vsl particulars packing list.exe, 00000000.00000002.1792963395.000000C085F53000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbl source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: indows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbD402B source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56924000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdbRSDS7^3l source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdb- source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\vsl particulars packing list.PDB source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56924000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56924000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\user\Desktop\vsl particulars packing list.PDB source: vsl particulars packing list.exe, 00000000.00000002.1792963395.000000C085F53000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.VisualBasic.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: System.Core.ni.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbe source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56924000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: vsl particulars packing list.PDB source: vsl particulars packing list.exe, 00000000.00000002.1792963395.000000C085F53000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb3aF source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\mscorlib.pdb source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Core.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbnA source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER9CA2.tmp.dmp.4.dr |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 02E3F1F6h | 1_2_02E3F007 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 02E3FB80h | 1_2_02E3F007 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 1_2_02E3E528 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 1_2_02E3EB5B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 1_2_02E3ED3C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A38945h | 1_2_06A38608 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A36171h | 1_2_06A35EC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 1_2_06A336CE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A358C1h | 1_2_06A35618 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A36A21h | 1_2_06A36778 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A37751h | 1_2_06A374A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A30741h | 1_2_06A30498 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A30FF1h | 1_2_06A30D48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A38001h | 1_2_06A37D58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A35D19h | 1_2_06A35A70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 1_2_06A333A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 1_2_06A333B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A36E79h | 1_2_06A36BD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A365C9h | 1_2_06A36320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A30B99h | 1_2_06A308F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A302E9h | 1_2_06A30040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A372FAh | 1_2_06A37050 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A38459h | 1_2_06A381B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A35441h | 1_2_06A35198 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 4x nop then jmp 06A37BA9h | 1_2_06A37900 |
Source: CasPol.exe, 00000001.00000002.4124784571.0000000003462000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003426000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.000000000336A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003419000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003454000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.000000000340B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com |
Source: CasPol.exe, 00000001.00000002.4124784571.0000000003462000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003358000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003426000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.000000000336A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003419000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003434000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003454000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.000000000340B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org |
Source: CasPol.exe, 00000001.00000002.4124784571.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/ |
Source: vsl particulars packing list.exe, 00000000.00000002.1794048953.000001CD68577000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4123958072.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q |
Source: CasPol.exe, 00000001.00000002.4124784571.0000000003462000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003426000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003419000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003454000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.000000000340B000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003383000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org |
Source: CasPol.exe, 00000001.00000002.4124784571.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Amcache.hve.4.dr | String found in binary or memory: http://upx.sf.net |
Source: CasPol.exe, 00000001.00000002.4124784571.0000000003462000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003426000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.000000000336A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003419000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003454000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.000000000340B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org |
Source: vsl particulars packing list.exe, 00000000.00000002.1794048953.000001CD68577000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4123958072.0000000000402000.00000040.00000400.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.000000000336A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: CasPol.exe, 00000001.00000002.4124784571.000000000340B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: CasPol.exe, 00000001.00000002.4124784571.0000000003462000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003426000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003419000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.0000000003454000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000001.00000002.4124784571.000000000340B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000001.00000002.4123958072.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000001.00000002.4123958072.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000000.00000002.1794048953.000001CD68577000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.1794048953.000001CD68577000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: vsl particulars packing list.exe PID: 4888, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: vsl particulars packing list.exe PID: 4888, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: CasPol.exe PID: 6712, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: CasPol.exe PID: 6712, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B8A4370 | 0_2_00007FFD9B8A4370 |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B898390 | 0_2_00007FFD9B898390 |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B898388 | 0_2_00007FFD9B898388 |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B89B310 | 0_2_00007FFD9B89B310 |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B89E279 | 0_2_00007FFD9B89E279 |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B8937DC | 0_2_00007FFD9B8937DC |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B89B6F1 | 0_2_00007FFD9B89B6F1 |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B891608 | 0_2_00007FFD9B891608 |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B8A43C9 | 0_2_00007FFD9B8A43C9 |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B89FA0F | 0_2_00007FFD9B89FA0F |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Code function: 0_2_00007FFD9B9600D6 | 0_2_00007FFD9B9600D6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3B328 | 1_2_02E3B328 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3F007 | 1_2_02E3F007 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3C190 | 1_2_02E3C190 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E36108 | 1_2_02E36108 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3C752 | 1_2_02E3C752 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3C470 | 1_2_02E3C470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E34AD9 | 1_2_02E34AD9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3CA32 | 1_2_02E3CA32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3BBD2 | 1_2_02E3BBD2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E36880 | 1_2_02E36880 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E39858 | 1_2_02E39858 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3BEB0 | 1_2_02E3BEB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3B4F2 | 1_2_02E3B4F2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E33572 | 1_2_02E33572 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3E528 | 1_2_02E3E528 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_02E3E517 | 1_2_02E3E517 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3B6E8 | 1_2_06A3B6E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A38608 | 1_2_06A38608 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3D670 | 1_2_06A3D670 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3A408 | 1_2_06A3A408 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3BD38 | 1_2_06A3BD38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3AA58 | 1_2_06A3AA58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3C388 | 1_2_06A3C388 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A38B58 | 1_2_06A38B58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3B0A0 | 1_2_06A3B0A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3D028 | 1_2_06A3D028 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A311A0 | 1_2_06A311A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3C9D8 | 1_2_06A3C9D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A35EB8 | 1_2_06A35EB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A35EC8 | 1_2_06A35EC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3B6D8 | 1_2_06A3B6D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3560B | 1_2_06A3560B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A35618 | 1_2_06A35618 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3D663 | 1_2_06A3D663 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A33730 | 1_2_06A33730 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3676B | 1_2_06A3676B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A36778 | 1_2_06A36778 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A374A8 | 1_2_06A374A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A30488 | 1_2_06A30488 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A37497 | 1_2_06A37497 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A30498 | 1_2_06A30498 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A34430 | 1_2_06A34430 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A385FC | 1_2_06A385FC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3BD28 | 1_2_06A3BD28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A30D39 | 1_2_06A30D39 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A30D48 | 1_2_06A30D48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A37D48 | 1_2_06A37D48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A37D58 | 1_2_06A37D58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A35A60 | 1_2_06A35A60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A35A70 | 1_2_06A35A70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3AA48 | 1_2_06A3AA48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A333A8 | 1_2_06A333A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A333B8 | 1_2_06A333B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3A3F8 | 1_2_06A3A3F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A36BC1 | 1_2_06A36BC1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A36BD0 | 1_2_06A36BD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A36320 | 1_2_06A36320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A36313 | 1_2_06A36313 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3C379 | 1_2_06A3C379 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3B093 | 1_2_06A3B093 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A308E0 | 1_2_06A308E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A308F0 | 1_2_06A308F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A378F0 | 1_2_06A378F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A30007 | 1_2_06A30007 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A32807 | 1_2_06A32807 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A32818 | 1_2_06A32818 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3D018 | 1_2_06A3D018 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A30040 | 1_2_06A30040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A37040 | 1_2_06A37040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A37050 | 1_2_06A37050 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A381A0 | 1_2_06A381A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A381B0 | 1_2_06A381B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3518B | 1_2_06A3518B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A31191 | 1_2_06A31191 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A35198 | 1_2_06A35198 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A3C9C8 | 1_2_06A3C9C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 1_2_06A37900 | 1_2_06A37900 |
Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 1.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.vsl particulars packing list.exe.1cd6862e270.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.vsl particulars packing list.exe.1cd6860d828.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000001.00000002.4123958072.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000001.00000002.4123958072.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000000.00000002.1794048953.000001CD68577000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.1794048953.000001CD68577000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: vsl particulars packing list.exe PID: 4888, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: vsl particulars packing list.exe PID: 4888, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: CasPol.exe PID: 6712, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: CasPol.exe PID: 6712, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: rtutils.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: | Binary string: \??\C:\Windows\mscorlib.pdbJ source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.VisualBasic.ni.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb2 source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdbRSDS source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: pC:\Users\user\Desktop\vsl particulars packing list.PDB source: vsl particulars packing list.exe, 00000000.00000002.1792963395.000000C085F53000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbl source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: indows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbD402B source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56924000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdbRSDS7^3l source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdb- source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\vsl particulars packing list.PDB source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56924000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56924000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\user\Desktop\vsl particulars packing list.PDB source: vsl particulars packing list.exe, 00000000.00000002.1792963395.000000C085F53000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.VisualBasic.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: System.Core.ni.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbe source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56924000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: vsl particulars packing list.PDB source: vsl particulars packing list.exe, 00000000.00000002.1792963395.000000C085F53000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb3aF source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\mscorlib.pdb source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Core.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbnA source: vsl particulars packing list.exe, 00000000.00000002.1793149895.000001CD56988000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdb source: WER9CA2.tmp.dmp.4.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER9CA2.tmp.dmp.4.dr |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\vsl particulars packing list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 600000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599671 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599453 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599343 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599234 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599125 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599015 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598906 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598796 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598685 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598563 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598452 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598343 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598234 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598124 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598015 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597906 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597796 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597687 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597578 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597468 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597359 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597249 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597140 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597031 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596921 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596812 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596703 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596593 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596483 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596374 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596265 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596114 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595984 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595859 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595749 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595640 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595531 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595421 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595312 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595203 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595093 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594984 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594874 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594765 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594656 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594546 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep count: 38 > 30 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -35048813740048126s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -600000s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7228 | Thread sleep count: 1956 > 30 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -599890s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7228 | Thread sleep count: 7894 > 30 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -599781s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -599671s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -599562s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -599453s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -599343s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -599234s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -599125s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -599015s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -598906s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -598796s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -598685s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -598563s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -598452s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -598343s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -598234s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -598124s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -598015s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -597906s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -597796s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -597687s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -597578s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -597468s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -597359s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -597249s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -597140s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -597031s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -596921s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -596812s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -596703s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -596593s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -596483s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -596374s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -596265s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -596114s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -595984s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -595859s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -595749s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -595640s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -595531s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -595421s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -595312s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -595203s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -595093s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -594984s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -594874s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -594765s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -594656s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7224 | Thread sleep time: -594546s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 600000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599671 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599453 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599343 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599234 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599125 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 599015 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598906 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598796 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598685 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598563 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598452 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598343 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598234 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598124 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 598015 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597906 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597796 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597687 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597578 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597468 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597359 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597249 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597140 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 597031 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596921 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596812 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596703 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596593 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596483 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596374 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596265 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 596114 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595984 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595859 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595749 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595640 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595531 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595421 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595312 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595203 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 595093 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594984 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594874 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594765 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594656 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread delayed: delay time: 594546 | Jump to behavior |
Source: Amcache.hve.4.dr | Binary or memory string: VMware |
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.4.dr | Binary or memory string: VMware, Inc. |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.4.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.4.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: Amcache.hve.4.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware SVGA II |
Source: Amcache.hve.4.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.4.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys |
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin` |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmware |
Source: Amcache.hve.4.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: CasPol.exe, 00000001.00000002.4124134329.000000000124E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/ |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Amcache.hve.4.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.4.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.4.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.4.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.4.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: vsl particulars packing list.exe, 00000000.00000002.1793618699.000001CD58427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: Amcache.hve.4.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.4.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.4.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |