Source: unknown |
TCP traffic detected without corresponding DNS query: 192.119.14.178 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 198.147.28.34 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: Javelin.exe, 00000008.00000002.294909755.0000000000401000.00000020.00020000.sdmp, Javelin.exe, 0000000B.00000003.315153554.000000007DEF0000.00000004.00000001.sdmp |
String found in binary or memory: http://madExcept.comU |
Source: appscomhost, 00000005.00000002.284875976.000000000040A000.00000004.00020000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0H |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0I |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: Javelin.exe, 00000008.00000002.300472994.0000000001208000.00000002.00020000.sdmp, Javelin.exe, 00000008.00000002.302591567.0000000001463000.00000002.00020000.sdmp, Javelin.exe, 0000000B.00000003.311749860.000000007D910000.00000004.00000001.sdmp |
String found in binary or memory: http://rmansys.ru/internet-id/ |
Source: Javelin.exe, 00000008.00000002.294909755.0000000000401000.00000020.00020000.sdmp, Javelin.exe, 0000000B.00000003.315153554.000000007DEF0000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
Source: Javelin.exe, 00000008.00000002.294909755.0000000000401000.00000020.00020000.sdmp |
String found in binary or memory: http://update.remoteutilities.net/upgrade.ini |
Source: Javelin.exe, 00000008.00000002.294909755.0000000000401000.00000020.00020000.sdmp |
String found in binary or memory: http://update.remoteutilities.net/upgrade_beta.ini |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: Javelin.exe, 00000008.00000000.272062914.0000000000E01000.00000020.00020000.sdmp, Javelin.exe, 0000000B.00000003.311749860.000000007D910000.00000004.00000001.sdmp |
String found in binary or memory: http://www.indyproject.org/ |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp, Javelin.exe, 00000008.00000002.305300851.0000000011149000.00000002.00020000.sdmp |
String found in binary or memory: http://www.openssl.org/V |
Source: Javelin.exe, 00000008.00000002.304923395.00000000110E7000.00000002.00020000.sdmp |
String found in binary or memory: http://www.openssl.org/support/faq.html |
Source: Javelin.exe, 00000008.00000002.304923395.00000000110E7000.00000002.00020000.sdmp |
String found in binary or memory: http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG |
Source: appscomhost, 00000005.00000003.259267495.0000000004B50000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: C:\Users\Public\Libraries\appscomhost |
Code function: 5_2_004055B8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\Public\Libraries\appscomhost |
Code function: 5_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: Javelin.exe.5.dr |
Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST |
Source: Javelin.exe.5.dr |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: unknown |
Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding |
|
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic process call create 'C:\Users\Public\Libraries/appscomhost' |
|
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Users\Public\Libraries\appscomhost C:\Users\Public\Libraries/appscomhost |
|
Source: C:\Users\Public\Libraries\appscomhost |
Process created: C:\Users\Public\JavelinNew\Javelin.exe 'C:\Users\Public\JavelinNew\Javelin.exe' |
|
Source: C:\Users\Public\JavelinNew\Javelin.exe |
Process created: C:\Users\Public\JavelinNew\Javelin.exe C:\Users\Public\JavelinNew\Javelin.exe -run_agent -second |
|
Source: C:\Users\Public\JavelinNew\Javelin.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\net.exe net user /domain |
|
Source: C:\Windows\SysWOW64\net.exe |
Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user /domain |
|
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\Public\Libraries\appscomhost |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\Public\JavelinNew\Javelin.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\Public\JavelinNew\Javelin.exe |
Process information set: NOOPENFILEERRORBOX |
Source: WMIC.exe, 00000001.00000002.258960030.0000000000700000.00000002.00000001.sdmp, Javelin.exe, 00000008.00000002.303131921.0000000001A70000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: Javelin.exe, 0000000B.00000003.331432284.00000000052E1000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: WMIC.exe, 00000001.00000002.258960030.0000000000700000.00000002.00000001.sdmp, Javelin.exe, 00000008.00000002.303131921.0000000001A70000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WMIC.exe, 00000001.00000002.258960030.0000000000700000.00000002.00000001.sdmp, Javelin.exe, 00000008.00000002.303131921.0000000001A70000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WMIC.exe, 00000001.00000002.258960030.0000000000700000.00000002.00000001.sdmp, Javelin.exe, 00000008.00000002.303131921.0000000001A70000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: Yara match |
File source: 00000008.00000002.300472994.0000000001208000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000008.00000000.273261388.0000000001208000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000B.00000003.311749860.000000007D910000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000B.00000003.319348250.000000007E8F0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000B.00000000.293269223.0000000001208000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000B.00000003.324153787.000000007F8D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Javelin.exe PID: 6832, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Javelin.exe PID: 7128, type: MEMORY |
Source: Yara match |
File source: C:\Users\Public\JavelinNew\Javelin.exe, type: DROPPED |