Windows Analysis Report
INVOICEX-XCopy.docx.doc

Overview

General Information

Sample name: INVOICEX-XCopy.docx.doc
Analysis ID: 1538505
MD5: ec621a479efeb5576dbe1ede8245894b
SHA1: 9a3c1d701f29f7f65c9d1fab217cd55a1cc3609e
SHA256: 06894236b22810452dd0bfaf02c3a0cde3428fe19eb9e789b344de6ba4079083
Tags: docuser-lowmal3
Infos:

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Microsoft Office launches external ms-search protocol handler (WebDAV)
Multi AV Scanner detection for submitted file
Contains an external reference to another file
Office viewer loads remote template
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication

Classification

AV Detection

barindex
Source: INVOICEX-XCopy.docx.doc Avira: detected
Source: INVOICEX-XCopy.docx.doc ReversingLabs: Detection: 54%
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll Jump to behavior
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
Source: global traffic TCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
Source: global traffic TCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
Source: global traffic TCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 192.168.2.22:49163 -> 87.120.84.38:80
Source: global traffic TCP traffic: 87.120.84.38:80 -> 192.168.2.22:49163
Source: Joe Sandbox View IP Address: 87.120.84.38 87.120.84.38
Source: Joe Sandbox View ASN Name: SHARCOM-ASBG SHARCOM-ASBG
Source: global traffic HTTP traffic detected: GET /txt/mncharliezx.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 87.120.84.38Connection: Keep-Alive
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.84.38
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A57117A8-FF75-46DD-B526-20AA3941D964}.tmp Jump to behavior
Source: global traffic HTTP traffic detected: GET /txt/mncharliezx.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 87.120.84.38Connection: Keep-Alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Mon, 21 Oct 2024 11:27:33 GMTContent-Type: text/html; charset=iso-8859-1Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Mon, 21 Oct 2024 11:27:33 GMTContent-Type: text/html; charset=iso-8859-1Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Mon, 21 Oct 2024 11:27:40 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 65 36 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 4f c1 4a c4 30 14 bc f7 2b 9e 7b d2 83 79 6d 0d d8 43 08 ac db 2e 2e d4 b5 68 7a f0 98 dd 3c c9 c2 da d4 24 55 fc 7b d3 2e 82 97 07 33 6f 66 98 11 57 f5 f3 46 bd 75 0d 3c aa a7 16 ba fe a1 dd 6d 60 75 8b b8 6b d4 16 b1 56 f5 e5 53 b2 1c b1 d9 af 64 26 6c fc 38 4b 61 49 9b 04 e2 29 9e 49 f2 9c c3 de 45 d8 ba 69 30 02 2f 64 26 70 11 89 83 33 3f b3 af 90 ff 34 09 65 62 94 ca 12 78 fa 9c 28 44 32 d0 bf b4 f0 ad 03 0c 29 eb 7d ce 02 37 40 b4 a7 00 81 fc 17 79 26 70 9c 93 7c 3a da 18 4f 21 c8 f5 a8 8f 96 b0 64 9c f1 02 ae fb c3 34 c4 e9 06 5e 17 03 e8 08 d5 3d 2b ca 9c 55 9c dd 55 d0 39 9f 98 5c e0 9f 3d b5 5c fa a5 b2 f3 ae ec 17 81 af 29 7c 12 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e6MOJ0+{ymC..hz<$U{.3ofWFu<m`ukVSd&l8KaI)IEi0/d&p3?4ebx(D2)}7@y&p|:O!d4^=+UU9\=\)|0
Source: classification engine Classification label: mal72.evad.winDOC@1/12@0/1
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$VOICEX-XCopy.docx.doc Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVRADCB.tmp Jump to behavior
Source: INVOICEX-XCopy.docx.doc OLE indicator, Word Document stream: true
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini Jump to behavior
Source: INVOICEX-XCopy.docx.doc ReversingLabs: Detection: 54%
Source: INVOICEX-XCopy.docx.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\INVOICEX-XCopy.docx.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Automated click: OK
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Automated click: OK
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: INVOICEX-XCopy.docx.doc Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll Jump to behavior
Source: INVOICEX-XCopy.docx.doc Initial sample: OLE indicators vbamacros = False

Persistence and Installation Behavior

barindex
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: \Device\RdpDr\;:1\87.120.84.38\DavWWWRoot Jump to behavior
Source: settings.xml.rels Extracted files from sample: http://87.120.84.38/txt/mncharliezx.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Section loaded: netapi32.dll and davhlpr.dll loaded Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs