Windows Analysis Report
20220714 DWG.doc

Overview

General Information

Sample Name: 20220714 DWG.doc
Analysis ID: 665041
MD5: 5fd0deaaca6ac9645ba3e9aa8af3311c
SHA1: 4823c45cde3606a5189462a8c4441686706d04f3
SHA256: b78c36823ab0b86b683d165e53405855b8e910c5011997e5a4a4620200cffc0a
Tags: doc
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Potential document exploit detected (performs HTTP gets)
Document misses a certain OLE stream usually present in this Microsoft Office document type

Classification

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll Jump to behavior
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 45.141.237.18:80
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 45.141.237.18:80
Source: global traffic HTTP traffic detected: GET /Glomet.html HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 45.141.237.18Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Glomet.html HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 45.141.237.18If-Modified-Since: Thu, 14 Jul 2022 16:59:59 GMTIf-None-Match: "80119226a397d81:0"Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /icons/ubuntu-logo.png HTTP/1.1Accept: */*Referer: http://45.141.237.18/Glomet.htmlAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 45.141.237.18Connection: Keep-Alive
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/htmlContent-Encoding: gzipLast-Modified: Thu, 14 Jul 2022 16:59:59 GMTAccept-Ranges: bytesETag: "80119226a397d81:0"Vary: Accept-EncodingServer: Microsoft-IIS/10.0Date: Fri, 15 Jul 2022 13:19:28 GMTContent-Length: 4357Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bc 5a 7b 77 da c8 92 ff 7f ce 99 ef a0 70 f7 1e 4c 02 08 49 3c 84 6d bc 27 f1 23 f1 ac f3 18 db 49 26 ce e6 78 5b 52 0b 34 16 6a 5d a9 65 4c b2 f9 ee 5b d5 dd 12 02 04 38 73 37 c3 b1 0c 52 77 d7 ab ab 7e 55 d5 70 f8 c4 63 2e 9f c7 54 9b f0 69 78 f4 eb 2f 87 f8 ae 85 24 1a 8f 6a 34 aa e1 93 27 ad d6 af bf 68 f0 7a cd bc c0 0f a8 a7 f9 09 9b 6a 7c 42 b5 13 ea 04 24 d2 58 12 8c 83 88 84 9a cf 12 ed bd 93 45 3c 93 2b 2e 48 ca b5 2c f6 08 a7 de be 66 76 8c 7e cb 30 5a 46 5f 8e 5e 51 ba 0f 7c 79 9c ee eb 7a 48 b2 c8 9d c4 c4 6b 47 94 eb 4e 36 4e 75 c3 b4 ed fe b0 83 93 5b ad 23 7c 3b 9c 50 e2 1d c9 d5 87 53 ca 89 58 de a2 ff ca 82 fb 51 ed 98 45 9c 46 bc 75 0d fa d4 34 57 de 8d 6a 9c 3e 70 1d d5 3a d0 dc 09 49 52 ca 47 ef af cf 5a 76 4d d3 73 52 3c e0 21 3d 7a 1e 13 77 42 4d a5 01 28 e7 93 2c e4 da 3b 32 06 39 cf b9 36 63 c9 5d 7a a8 cb c9 6a 65 ca e7 21 d5 d0 82 8a 91 9b a6 35 6d 4a bd 80 8c 6a a9 9b 50 69 44 4d 7b aa 7d 93 4b a6 24 01 63 ed 6b 9d f8 a1 7c 1d c8 51 30 80 17 44 e3 ea e1 ef bf fe 82 6f 0e f3 e6 4d b1 61 39 cd 62 95 05 b3 4b d7 81 5c 00 4b 88 7b 37 4e 58 16 79 2d 97 85 2c d9 d7 fe 71 62 9f bc 38 35 8b 19 3e 98 ab e5 93 69 10 ce f7 b5 0f 34 f1 48 44 9a 5a 4a a2 b4 95 d2 24 f0 0f 4a d3 d2 e0 2b 58 c4 30 62 ae 9e a2 e6 2d 12 06 63 d0 cb 05 a3 d3 a4 2c af 17 dc b7 a7 24 88 6e 63 b0 64 21 32 4b 03 1e 30 58 90 d0 90 f0 e0 9e 2a 5a 5e 90 c6 21 01 21 38 71 42 5a c8 37 0b 3c 3e d9 d7 ec 4e a7 a4 96 b4 65 cb 61 9c b3 e9 be d2 b8 34 10 52 9f ef 6b 24 e3 6c f9 39 f8 eb 64 79 60 8b dd 95 05 59 e2 d1 a4 a5 c4 30 0b 4e ea 79 6e 55 d3 30 07 96 bd 3c 26 7c 64 5f 4b 59 18 78 db 76 e4 4c bc 8a 19 bb 8d 8a f6 bc c5 90 a0 49 6e d6 09 95 aa 0d 87 85 84 4a 64 a3 d3 f9 e7 56 ee bd b3 fe d9 60 1b 8b 34 86 58 5f f1 62 a3 57 b2 57 af 6c b0 b2 a7 d8 82 75 f1 74 a6 84 74 58 e8 6d 63 18 4c c7 ab fc ac 12 bb ee fa fe ec 6f 8a 19 24 2d 1c ea 96 f9 b7 0a 1a d2 9c b8 1b 52 02 4b d1 5b 16 ae 05 6e 92 6f 76 85 cf fd 50 a8 6d d9 58 c5 73 bb 9c b7 01 a7 d3 6d c2 56 6d 71 2e 67 77 93 43 ef 94 33 7f dc 11 af 83 7f 4b 78 b2 ba 91 fd 92 58 fd f5 bd 52 ab 6f 53 ea 22 4a 54 b9 c1 cf 31 fe 0a e3 5b 9c bf 06 b3 68 53 1b 3d 50 be 6f b7 58 39 10 3a 2a 10 76 31 8c 13 ba aa b2 ad 8c 65 57 e7 0b 5b 0d d9 2b 22 2d e3 96 b1 8a 5b 0a 9b 3c 40 50 ea 55 43 5a a1 cc 6e e8 28 2b 2c 09 07 1c 6c ed 3e 4e e7 65 8d 0b 54 df ed 1d 72 7d 16 36 37 0f 86 c1 d6 4d 34 2a 98 e4 eb 97 01 76 29 d5 f6 95 0b f6 b7 bb a0 7d 3a 3c 7e 61 ae 79 49 e1 99 9b 81 71 25 e1 9a ff ac 88 c2 ea dc b0 2c fd 6d 02 65 db b7 8d 02 1e 9f 98 46 f7 6c 07 89 71 42 e7 5b 68 0c cf 86 96 dd 2f d3 68 fb 21 83 cc 1e 8d 6f 69 48 a7 20 e5 ce dc 2f 16 fc 18 ae 34 b7 fa 44 01 3b c2 60 1e 75 59 42 24 e7 88 45 f4 b1 39 69 13 ef fd 30 8
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: unknown TCP traffic detected without corresponding DNS query: 45.141.237.18
Source: global traffic HTTP traffic detected: GET /Glomet.html HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 45.141.237.18Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Glomet.html HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 45.141.237.18If-Modified-Since: Thu, 14 Jul 2022 16:59:59 GMTIf-None-Match: "80119226a397d81:0"Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /icons/ubuntu-logo.png HTTP/1.1Accept: */*Referer: http://45.141.237.18/Glomet.htmlAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 45.141.237.18Connection: Keep-Alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Fri, 15 Jul 2022 13:19:30 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 7
Source: ~WRF{3BCD92F0-1C3B-4D0C-AD4B-E4107D6CB424}.tmp.0.dr, ~WRS{2D922950-B6AB-4AD8-83F9-D5771B48C810}.tmp.0.dr String found in binary or memory: http://45.141.237.18/Glomet.html
Source: ~WRF{3BCD92F0-1C3B-4D0C-AD4B-E4107D6CB424}.tmp.0.dr String found in binary or memory: http://45.141.237.18/Glomet.htmlyX
Source: 72919526.htm.0.dr, 2264EBF3.htm.0.dr, Glomet[1].htm.0.dr String found in binary or memory: http://httpd.apache.org/docs/2.4/mod/mod_userdir.html
Source: 72919526.htm.0.dr, 2264EBF3.htm.0.dr, Glomet[1].htm.0.dr String found in binary or memory: https://bugs.launchpad.net/ubuntu/
Source: 72919526.htm.0.dr, 2264EBF3.htm.0.dr, Glomet[1].htm.0.dr String found in binary or memory: https://launchpad.net/bugs/1288690
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{45930AE1-8162-4D9A-BE35-4DB39144DF11}.tmp Jump to behavior

System Summary

barindex
Source: Document image extraction number: 0 Screenshot OCR: enable editing" to view content ~ 0 ~ 0 4~~ - m gm " . ~ ~ m~ ~ Wp 0 0 mb ~ "
Source: Document image extraction number: 1 Screenshot OCR: enable editing" to view content wm .~ ~ - D m
Source: Screenshot number: 12 Screenshot OCR: enable editing" to view content , ii:, ^ Cl m ~ "" au":,g
Source: ~WRF{3BCD92F0-1C3B-4D0C-AD4B-E4107D6CB424}.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVR696C.tmp Jump to behavior
Source: classification engine Classification label: mal48.winDOC@1/19@0/1
Source: ~WRF{3BCD92F0-1C3B-4D0C-AD4B-E4107D6CB424}.tmp.0.dr OLE document summary: title field not present or empty
Source: ~WRF{3BCD92F0-1C3B-4D0C-AD4B-E4107D6CB424}.tmp.0.dr OLE document summary: author field not present or empty
Source: ~WRF{3BCD92F0-1C3B-4D0C-AD4B-E4107D6CB424}.tmp.0.dr OLE document summary: edited time not present or 0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini Jump to behavior
Source: 20220714 DWG.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\20220714 DWG.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$220714 DWG.doc Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll Jump to behavior
Source: ~WRF{3BCD92F0-1C3B-4D0C-AD4B-E4107D6CB424}.tmp.0.dr Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs