Windows Analysis Report
#U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.doc

Overview

General Information

Sample name: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.doc
renamed because original name is a hash value
Original sample name: _03M4138.docx.doc
Analysis ID: 1639308
MD5: d3471e9ab5dd039c31569b1484ff4fd6
SHA1: 908c3bbfd45179d698b92707f271bf135d3beb7d
SHA256: bdf218f09b5db054b5e919b56e332c690e05ea07876c7e141ab0c100b5625e58
Tags: doc, docx, user-abuse_ch
Infos:

Detection

Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Contains an external reference to another file
Document exploit detected (process start blacklist hit)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication

Classification

  • System is w11x64_office
  • WINWORD.EXE (PID: 2692 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: A9F0EC89897AC6C878D217DFB64CA752)
    • EXCEL.EXE (PID: 7344 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" -Embedding MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
      • splwow64.exe (PID: 7644 cmdline: C:\Windows\splwow64.exe 12288 MD5: AF4A7EBF6114EE9E6FBCC910EC3C96E6)
  • cleanup
No configs have been found
No yara matches
Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 13.107.246.60, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7344, Protocol: tcp, SourceIp: 192.168.2.24, SourceIsIpv6: false, SourcePort: 53997
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.24, DestinationIsIpv6: false, DestinationPort: 53966, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, Initiated: true, ProcessId: 2692, Protocol: tcp, SourceIp: 3.39.153.44, SourceIsIpv6: false, SourcePort: 443

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-15T09:32:52.645294+0100 | 1810004 | 1 | Potentially Bad Traffic | 192.168.2.24 | 53974 | 3.39.153.44 | 443 | TCP
2025-03-15T09:32:53.312322+0100 | 1810004 | 1 | Potentially Bad Traffic | 192.168.2.24 | 53976 | 213.165.70.90 | 80 | TCP
2025-03-15T09:32:49.151194+0100 | 1810005 | 1 | Potentially Bad Traffic | 192.168.2.24 | 53968 | 3.39.153.44 | 443 | TCP

AV Detection

Source: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.doc, Virustotal: Detection: 17%
Source: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.doc, ReversingLabs: Detection: 22%
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 3.39.153.44:443 -> 192.168.2.24:53966 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:53997 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:53998 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, Process created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
Source: global traffic, DNS query: name: link.saja.market
Source: global traffic, DNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53976
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53976
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53973
Source: global trafficTCP traffic: 192.168.2.24:53973 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53973 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53973
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53976
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53997 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 192.168.2.24:53997 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.24:53997 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 192.168.2.24:53997 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.24:53997 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 192.168.2.24:53997 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 192.168.2.24:53997 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.24:53997 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 192.168.2.24:53997 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53997
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 192.168.2.24:53998 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.24:53998
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53976 -> 213.165.70.90:80
Source: excel.exeMemory has grown: Private usage: 11MB later: 93MB

Networking

Source: Network trafficSuricata IDS: 1810004 - Severity 1 - Joe Security ANOMALY Microsoft Office HTTP activity : 192.168.2.24:53976 -> 213.165.70.90:80
Source: Network trafficSuricata IDS: 1810005 - Severity 1 - Joe Security ANOMALY Microsoft Office WebDAV Discovery : 192.168.2.24:53968 -> 3.39.153.44:443
Source: Network trafficSuricata IDS: 1810004 - Severity 1 - Joe Security ANOMALY Microsoft Office HTTP activity : 192.168.2.24:53974 -> 3.39.153.44:443
Source: Joe Sandbox ViewIP Address: 3.39.153.44 3.39.153.44
Source: Joe Sandbox ViewIP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox ViewASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE
Source: Joe Sandbox ViewJA3 fingerprint: 258a5a1e95b8a911872bae9081526644
Source: global trafficHTTP traffic detected: GET /6DOhfU9pHu?&motorboat=madly&atm HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16) | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | Host: link.saja.market | Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /346/fusce/givenbestresultswithglorryeyeshappiness________givenbestresultswithglorryeyeshappiness_________givenbestresultswithglorryeyeshappiness.doc?&explanation=puffy&bestseller HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16) | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | Connection: Keep-Alive | Host: 213.165.70.90
Source: unknownTCP traffic detected without corresponding DNS query: 213.165.70.90
Source: global trafficHTTP traffic detected: GET /rules/rule170146v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.18129; Pro) | Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120201v19s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.18129; Pro) | Host: otelrules.svc.static.microsoft
Source: global trafficDNS traffic detected: DNS query: link.saja.market
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: unknownNetwork traffic detected: HTTP traffic on port 53971 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53968
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53978
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53966
Source: unknownNetwork traffic detected: HTTP traffic on port 53974 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53998 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53997 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53971
Source: unknownNetwork traffic detected: HTTP traffic on port 53966 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53998
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53997
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53974
Source: unknownNetwork traffic detected: HTTP traffic on port 53978 -> 443
Source: unknownHTTPS traffic detected: 3.39.153.44:443 -> 192.168.2.24:53966 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:53997 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:53998 version: TLS 1.2
Source: classification engineClassification label: mal64.expl.evad.winDOC@5/8@2/3
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Desktop\~$0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{07D39753-63BD-4709-BB76-6DE9F738A212} - OProcSessId.datJump to behavior
Source: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docOLE indicator, Word Document stream: true
Source: ~WRD0000.tmp.0.drOLE indicator, Word Document stream: true
Source: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docOLE document summary: title field not present or empty
Source: ~WRD0000.tmp.0.drOLE document summary: title field not present or empty
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docVirustotal: Detection: 17%
Source: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docReversingLabs: Detection: 22%
Source: unknownProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" -Embedding
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docInitial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: ~WRD0000.tmp.0.drInitial sample: OLE summary template = F5779A1B.doc
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dllJump to behavior
Source: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docInitial sample: OLE summary lastprinted = 2024-10-24 04:40:59
Source: #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docInitial sample: OLE indicators vbamacros = False

Persistence and Installation Behavior

Source: settings.xml.relsExtracted files from sample: https://link.saja.market/6dohfu9phu?&motorboat=madly&atm
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 1811
Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 8097
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\splwow64.exe Last function: Thread delayed
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Process information queried: ProcessInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 13 Exploitation for Client Execution | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 11 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 2 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
