Source: Process started | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: rundll32 ..\Flopers.GGRRDDFF,DllRegisterServer, CommandLine: rundll32 ..\Flopers.GGRRDDFF,DllRegisterServer, CommandLine|base64offset|contains: ], Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 3252, ProcessCommandLine: rundll32 ..\Flopers.GGRRDDFF,DllRegisterServer, ProcessId: 3412 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: z: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: x: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: v: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: t: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: r: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: p: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: n: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: l: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: j: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: h: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: f: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: b: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: y: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: w: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: u: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: s: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: q: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: o: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: m: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: k: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: i: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: g: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: e: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: c: |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: a: |
Source: Screenshot number: 4 | Screenshot OCR: Enable Editing, please 15 from the yellow bar above ok 16 17 "- WHY I CANNOT OPEN THIS DOCUMENT? |
Source: Screenshot number: 8 | Screenshot OCR: Enable Editing 11 12" from the yellow bar above 13 14" @Once You have Enable Editing, please cli |
Source: Screenshot number: 8 | Screenshot OCR: Enable Content 15 from the yellow bar above 16 O Cl 17 " WHY I CANNOT OPEN THIS DOCUMENT? 19 2 |
Source: Document image extraction number: 2 | Screenshot OCR: Enable Editing from the yellow bar above Once You have Enable Editing, please click Enable Content |
Source: Document image extraction number: 2 | Screenshot OCR: Enable Content from the yellow bar above WHYICANNOTOPEN THIS DOCUMENT? You are using iOS or Andro |
Source: Document image extraction number: 8 | Screenshot OCR: Enable Editing from the yellow bar above @Once You have Enable Editing, please click Enable Conten |
Source: Document image extraction number: 8 | Screenshot OCR: Enable Content from the yellow bar above WHYICANNOTOPEN THIS DOCUMENT? wYou are using IDS or Andr |
Source: Refusal-1605078281-01212021.xlsm | Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels |
Source: Refusal-1605078281-01212021.xlsm | Initial sample: OLE zip file path = xl/media/image1.png |
Source: Refusal-1605078281-01212021.xlsm | Initial sample: OLE zip file path = xl/media/image3.png |
Source: Refusal-1605078281-01212021.xlsm | Initial sample: OLE zip file path = xl/media/image2.png |
Source: Refusal-1605078281-01212021.xlsm | Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin |
Source: Refusal-1605078281-01212021.xlsm | Initial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin |
Source: Refusal-1605078281-01212021.xlsm | Initial sample: OLE zip file path = xl/calcChain.xml |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: rundll32.exe, 00000001.00000002.266967478.0000000000BE0000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: rundll32.exe, 00000001.00000002.266967478.0000000000BE0000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: rundll32.exe, 00000001.00000002.266967478.0000000000BE0000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: rundll32.exe, 00000001.00000002.266967478.0000000000BE0000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |