Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: z: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: x: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: v: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: t: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: r: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: p: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: n: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: l: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: j: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: h: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: f: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: b: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: y: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: w: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: u: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: s: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: q: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: o: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: m: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: k: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: i: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: g: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: e: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: c: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File opened: a: |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
DNS query: leafybuy.com is down |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
DNS query: leafybuy.com is down |
Source: Screenshot number: 4 |
Screenshot OCR: Enable Editing, please 15 from the yellow bar above ok 16 17 "- WHY I CANNOT OPEN THIS DOCUMENT? |
Source: Screenshot number: 8 |
Screenshot OCR: Enable Editing 11 12" from the yellow bar above 13 14" @Once You have Enable Editing, please cli |
Source: Screenshot number: 8 |
Screenshot OCR: Enable Content 15 from the yellow bar above 16 O Cl 17 " WHY I CANNOT OPEN THIS DOCUMENT? 19 2 |
Source: Document image extraction number: 2 |
Screenshot OCR: Enable Editing from the yellow bar above Once You have Enable Editing, please click Enable Content |
Source: Document image extraction number: 2 |
Screenshot OCR: Enable Content from the yellow bar above WHYICANNOTOPEN THIS DOCUMENT? You are using iOS or Andro |
Source: Document image extraction number: 8 |
Screenshot OCR: Enable Editing from the yellow bar above @Once You have Enable Editing, please click Enable Conten |
Source: Document image extraction number: 8 |
Screenshot OCR: Enable Content from the yellow bar above WHYICANNOTOPEN THIS DOCUMENT? wYou are using IDS or Andr |
Source: unknown |
Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\Flopers.GGRRDDFF,DllRegisterServer |
|
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\Flopers.GGRRDDFF,DllRegisterServer |
Jump to behavior |
Source: Refusal-1605078281-01212021.xlsm |
Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels |
Source: Refusal-1605078281-01212021.xlsm |
Initial sample: OLE zip file path = xl/media/image1.png |
Source: Refusal-1605078281-01212021.xlsm |
Initial sample: OLE zip file path = xl/media/image3.png |
Source: Refusal-1605078281-01212021.xlsm |
Initial sample: OLE zip file path = xl/media/image2.png |
Source: Refusal-1605078281-01212021.xlsm |
Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin |
Source: Refusal-1605078281-01212021.xlsm |
Initial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin |
Source: Refusal-1605078281-01212021.xlsm |
Initial sample: OLE zip file path = xl/calcChain.xml |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: rundll32.exe, 00000001.00000002.266967478.0000000000BE0000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: rundll32.exe, 00000001.00000002.266967478.0000000000BE0000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: rundll32.exe, 00000001.00000002.266967478.0000000000BE0000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: rundll32.exe, 00000001.00000002.266967478.0000000000BE0000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |