Source: Yara match |
File source: dump.pcap, type: PCAP |
Source: Yara match |
File source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\exploit[1].htm, type: DROPPED |
Source: Yara match |
File source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7341AC3F.htm, type: DROPPED |
Source: Yara match |
File source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\722BFA5.htm, type: DROPPED |
Source: Yara match |
File source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\exploit[1].htm, type: DROPPED |
Source: Traffic |
Snort IDS: 2023942 ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M2 117.48.146.246:8008 -> 192.168.2.22:49178 |
Source: Traffic |
Snort IDS: 2023941 ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M1 117.48.146.246:8008 -> 192.168.2.22:49178 |
Source: Traffic |
Snort IDS: 2036726 ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) 117.48.146.246:8008 -> 192.168.2.22:49178 |
Source: Traffic |
Snort IDS: 2023942 ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M2 117.48.146.246:8008 -> 192.168.2.22:49181 |
Source: Traffic |
Snort IDS: 2023941 ET TROJAN Possibly Malicious Base64 Unicode WebClient DownloadString M1 117.48.146.246:8008 -> 192.168.2.22:49181 |
Source: Traffic |
Snort IDS: 2036726 ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) 117.48.146.246:8008 -> 192.168.2.22:49181 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49173 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49173 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49174 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49174 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49175 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49175 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49176 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49177 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49178 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49178 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49179 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49179 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49180 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49180 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49181 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49181 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49182 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49182 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 117.48.146.246 |
Source: ~WRF{365EE8EB-26DD-4793-A79E-4CD05254F7C9}.tmp.0.dr |
String found in binary or memory: http://117.48.146.246:8008/exp |
Source: ~WRF{365EE8EB-26DD-4793-A79E-4CD05254F7C9}.tmp.0.dr, ~WRS{E3D2E09D-939E-4CE8-8CEF-3005BD062461}.tmp.0.dr |
String found in binary or memory: http://117.48.146.246:8008/exploit.htm |
Source: ~WRF{365EE8EB-26DD-4793-A79E-4CD05254F7C9}.tmp.0.dr |
String found in binary or memory: http://117.48.146.246:8008/exploit.htmyX |
Source: document.xml |
String found in binary or memory: https://img1.18183.com/image/20220427/1651040288153109.png |
Source: document.xml |
String found in binary or memory: https://img1.18183.com/image/20220427/1651040297422300.png |
Source: document.xml |
String found in binary or memory: https://img1.18183.com/image/20220427/1651040303449177.png |
Source: dump.pcap, type: PCAP |
Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784 |
Source: document.xml.rels, type: SAMPLE |
Matched rule: SUSP_Doc_WordXMLRels_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, Wojciech Cieslak, description = Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-06-02, hash = 62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0 |
Source: document.xml.rels, type: SAMPLE |
Matched rule: INDICATOR_OLE_RemoteTemplate author = ditekSHen, description = Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\exploit[1].htm, type: DROPPED |
Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7341AC3F.htm, type: DROPPED |
Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\722BFA5.htm, type: DROPPED |
Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\exploit[1].htm, type: DROPPED |
Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49173 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49173 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49174 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49174 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49175 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49175 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49176 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49177 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49178 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49178 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49179 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49179 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49180 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49180 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49181 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49181 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49182 -> 8008 |
Source: unknown |
Network traffic detected: HTTP traffic on port 8008 -> 49182 |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |