Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006E416134 second address: 000000006E416168 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-08h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007FD5A8FC0564h 0x0000000a mov edi, 00D66F8Ch 0x0000000f mov dword ptr [ebp-14h], edi 0x00000012 rdtscp |
Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006E4179F7 second address: 000000006E417A0A instructions: 0x00000000 rdtscp 0x00000003 test edx, edx 0x00000005 jnbe 00007FD5A8FADBAEh 0x00000007 rdtscp |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |