Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec eax |
6_2_000784E0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec eax |
6_2_000789B0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then movzx ecx, word ptr [eax+02h] |
6_2_00069200 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then mov ecx, 00004E20h |
6_2_00082659 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then movzx edx, word ptr [eax] |
6_2_000646F0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then inc dword ptr [esp+40h] |
6_2_000743C0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec eax |
6_2_000743C0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec eax |
6_2_00072C44 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then inc ecx |
6_2_0007B050 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec eax |
6_2_00073860 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec ecx |
6_2_00081890 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec eax |
6_2_00081890 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec eax |
6_2_000698D0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then inc esp |
6_2_000624E0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then cmp byte ptr [ecx+edx+01h], 00000000h |
6_2_00061500 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec eax |
6_2_00065DF0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then movzx eax, byte ptr [ebx] |
6_2_0007BE20 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then inc esp |
6_2_0007B240 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then dec eax |
6_2_000772A0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then inc edx |
6_2_0006BEC0 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then movzx ebx, word ptr [eax] |
6_2_00073B00 |
Source: C:\Windows\System32\wermgr.exe |
Code function: 4x nop then mov ebx, edx |
6_2_0006EBE0 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.155.173.242 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.249.156 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.8.194.96 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.202.150.151 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 103.220.47.220 |
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A.6.dr |
String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c |
Source: wermgr.exe, 00000006.00000003.2217176292.0000000033614000.00000004.00000001.sdmp |
String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: wermgr.exe, 00000006.00000003.2217176292.0000000033614000.00000004.00000001.sdmp |
String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c5f3x |
Source: wermgr.exe, 00000006.00000003.2218495867.0000000033613000.00000004.00000001.sdmp |
String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c8 |
Source: wermgr.exe, 00000006.00000003.2217176292.0000000033614000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.letsencrypt.org0 |
Source: wermgr.exe, 00000006.00000003.2217176292.0000000033614000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: wermgr.exe, 00000006.00000003.2217176292.0000000033614000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: wermgr.exe, 00000006.00000003.2218495867.0000000033613000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.microsofv |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en&r |
Source: wermgr.exe, 00000006.00000002.2364517634.00000000003D1000.00000004.00000020.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.6.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: rundll32.exe, 00000003.00000002.2101338428.0000000001B80000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2099089069.0000000001E10000.00000002.00000001.sdmp, wermgr.exe, 00000006.00000002.2370111419.0000000033B90000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.2364431540.00000000007E0000.00000002.00000001.sdmp |
String found in binary or memory: http://investor.msn.com |
Source: rundll32.exe, 00000003.00000002.2101338428.0000000001B80000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2099089069.0000000001E10000.00000002.00000001.sdmp, wermgr.exe, 00000006.00000002.2370111419.0000000033B90000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.2364431540.00000000007E0000.00000002.00000001.sdmp |
String found in binary or memory: http://investor.msn.com/ |
Source: rundll32.exe, 00000003.00000002.2101706813.0000000001D67000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2099318193.0000000001FF7000.00000002.00000001.sdmp, wermgr.exe, 00000006.00000002.2371380931.0000000033D77000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.2364622522.00000000009C7000.00000002.00000001.sdmp |
String found in binary or memory: http://localizability/practices/XML.asp |
Source: rundll32.exe, 00000003.00000002.2101706813.0000000001D67000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2099318193.0000000001FF7000.00000002.00000001.sdmp, wermgr.exe, 00000006.00000002.2371380931.0000000033D77000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.2364622522.00000000009C7000.00000002.00000001.sdmp |
String found in binary or memory: http://localizability/practices/XMLConfiguration.asp |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0% |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0- |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.comodoca.com05 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.entrust.net03 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.entrust.net0D |
Source: wermgr.exe, 00000006.00000003.2217176292.0000000033614000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0; |
Source: wermgr.exe, 00000006.00000003.2217176292.0000000033614000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: wermgr.exe, 00000006.00000002.2369701585.00000000337A0000.00000002.00000001.sdmp, taskeng.exe, 00000008.00000002.2364456344.0000000000770000.00000002.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. |
Source: wermgr.exe, 00000006.00000002.2372115954.0000000034180000.00000002.00000001.sdmp |
String found in binary or memory: http://servername/isapibackend.dll |
Source: rundll32.exe, 00000003.00000002.2101706813.0000000001D67000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2099318193.0000000001FF7000.00000002.00000001.sdmp, wermgr.exe, 00000006.00000002.2371380931.0000000033D77000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.2364622522.00000000009C7000.00000002.00000001.sdmp |
String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check |
Source: rundll32.exe, 00000003.00000002.2101706813.0000000001D67000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2099318193.0000000001FF7000.00000002.00000001.sdmp, wermgr.exe, 00000006.00000002.2371380931.0000000033D77000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.2364622522.00000000009C7000.00000002.00000001.sdmp |
String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true |
Source: wermgr.exe, 00000006.00000002.2369701585.00000000337A0000.00000002.00000001.sdmp, taskeng.exe, 00000008.00000002.2364456344.0000000000770000.00000002.00000001.sdmp |
String found in binary or memory: http://www.%s.comPA |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: rundll32.exe, 00000003.00000002.2101338428.0000000001B80000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2099089069.0000000001E10000.00000002.00000001.sdmp, wermgr.exe, 00000006.00000002.2370111419.0000000033B90000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.2364431540.00000000007E0000.00000002.00000001.sdmp |
String found in binary or memory: http://www.hotmail.com/oe |
Source: rundll32.exe, 00000003.00000002.2101706813.0000000001D67000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2099318193.0000000001FF7000.00000002.00000001.sdmp, wermgr.exe, 00000006.00000002.2371380931.0000000033D77000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.2364622522.00000000009C7000.00000002.00000001.sdmp |
String found in binary or memory: http://www.icra.org/vocabulary/. |
Source: rundll32.exe, 00000003.00000002.2101338428.0000000001B80000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2099089069.0000000001E10000.00000002.00000001.sdmp, wermgr.exe, 00000006.00000002.2370111419.0000000033B90000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.2364431540.00000000007E0000.00000002.00000001.sdmp |
String found in binary or memory: http://www.msnbc.com/news/ticker.txt |
Source: rundll32.exe, 00000009.00000002.2364431540.00000000007E0000.00000002.00000001.sdmp |
String found in binary or memory: http://www.windows.com/pctv. |
Source: wermgr.exe, 00000006.00000002.2364517634.00000000003D1000.00000004.00000020.sdmp |
String found in binary or memory: https://103.220.47.220:447/rob60/134349_W617601.1D7953BB38B5711FB702EBB79BB8BAD5/5/pwgrab64/ |
Source: wermgr.exe, 00000006.00000002.2369616233.00000000335C0000.00000004.00000001.sdmp |
String found in binary or memory: https://103.233.118.34:447/rob60/134349_W617601.1D7953BB38B5711FB702EBB79BB8BAD5/5/pwgrab64/ |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp, wermgr.exe, 00000006.00000002.2369616233.00000000335C0000.00000004.00000001.sdmp |
String found in binary or memory: https://193.8.194.96/rob60/134349_W617601.1D7953BB38B5711FB702EBB79BB8BAD5/14/NAT%20status/client%20 |
Source: wermgr.exe, 00000006.00000002.2364462409.000000000035A000.00000004.00000020.sdmp |
String found in binary or memory: https://45.155.173.242/rob60/134349_W617601.1D7953BB38B5711FB702EBB79BB8BAD5/5/file/ |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: https://ident.me/ |
Source: wermgr.exe, 00000006.00000002.2364479573.000000000036D000.00000004.00000020.sdmp |
String found in binary or memory: https://secure.comodo.com/CPS0 |
Source: unknown |
Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding |
|
Source: unknown |
Process created: C:\Windows\System32\rundll32.exe rundll32 ..\BASE.BABAA,DllRegisterServer |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\BASE.BABAA,DllRegisterServer |
|
Source: unknown |
Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe |
|
Source: unknown |
Process created: C:\Windows\System32\taskeng.exe taskeng.exe {C999D15C-7BEE-4793-989A-0EF4E6A22007} S-1-5-18:NT AUTHORITY\System:Service: |
|
Source: unknown |
Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.EXE 'C:\Users\user\AppData\Roaming\QNetMonitor3154395120\ujBASEmc.rrd',DllRegisterServer |
|
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process created: C:\Windows\System32\rundll32.exe rundll32 ..\BASE.BABAA,DllRegisterServer |
Source: C:\Windows\System32\rundll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\BASE.BABAA,DllRegisterServer |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe |
Source: C:\Windows\System32\taskeng.exe |
Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.EXE 'C:\Users\user\AppData\Roaming\QNetMonitor3154395120\ujBASEmc.rrd',DllRegisterServer |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\wermgr.exe |
Process information set: NOOPENFILEERRORBOX |