
Analysis Report: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx

Overview

General Information

Sample Name: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx
Analysis ID: 367670
MD5: 8ea35bdf2130db8f534db290aaceb9d0
SHA1: ef23db1561ad4a51f3a3ba45e591a0ece7eff702
SHA256: f0ffa6cda325df3c792de8f50f1fba7611c53731588d107bc40a8351d12d7da8

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Startup

  • System is w10x64
  • EXCEL.EXE (PID: 5256 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures. All signature results follow.

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: 30DA7D9D-F2FB-48C1-B37D-CC74CE9E73CD.0.dr | String found in binary or memory (one entry per URL):

  • http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
  • http://weather.service.msn.com/data.aspx
  • https://analysis.windows.net/powerbi/api
  • https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
  • https://api.aadrm.com/
  • https://api.addins.omex.office.net/appinfo/query
  • https://api.addins.omex.office.net/appstate/query
  • https://api.addins.store.office.com/app/query
  • https://api.cortana.ai
  • https://api.diagnostics.office.com
  • https://api.diagnosticssdf.office.com
  • https://api.microsoftstream.com/api/
  • https://api.office.net
  • https://api.onedrive.com
  • https://api.powerbi.com/beta/myorg/imports
  • https://api.powerbi.com/v1.0/myorg/datasets
  • https://api.powerbi.com/v1.0/myorg/groups
  • https://apis.live.net/v5.0/
  • https://arc.msn.com/v4/api/selection
  • https://asgsmsproxyapi.azurewebsites.net/
  • https://augloop.office.com
  • https://augloop.office.com/v2
  • https://autodiscover-s.outlook.com/
  • https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
  • https://cdn.entity.
  • https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
  • https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
  • https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
  • https://client-office365-tas.msedge.net/ab
  • https://clients.config.office.net/
  • https://clients.config.office.net/user/v1.0/android/policies
  • https://clients.config.office.net/user/v1.0/ios
  • https://clients.config.office.net/user/v1.0/mac
  • https://clients.config.office.net/user/v1.0/tenantassociationkey
  • https://cloudfiles.onenote.com/upload.aspx
  • https://config.edge.skype.com
  • https://config.edge.skype.com/config/v1/Office
  • https://config.edge.skype.com/config/v2/Office
  • https://cortana.ai
  • https://cortana.ai/api
  • https://cr.office.com
  • https://dataservice.o365filtering.com
  • https://dataservice.o365filtering.com/
  • https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
  • https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
  • https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
  • https://dev.cortana.ai
  • https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
  • https://dev0-api.acompli.net/autodetect
  • https://devnull.onenote.com
  • https://directory.services.
  • https://ecs.office.com/config/v2/Office
  • https://entitlement.diagnostics.office.com
  • https://entitlement.diagnosticssdf.office.com
  • https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
  • https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
  • https://globaldisco.crm.dynamics.com
  • https://graph.ppe.windows.net
  • https://graph.ppe.windows.net/
  • https://graph.windows.net
  • https://graph.windows.net/
  • https://hubblecontent.osi.office.net/contentsvc/api/telemetry
  • https://hubblecontent.osi.office.net/contentsvc/browse?
  • https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
  • https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
  • https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
  • https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
  • https://hubblecontent.osi.office.net/contentsvc/microsofticon?
  • https://incidents.diagnostics.office.com
  • https://incidents.diagnosticssdf.office.com
  • https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
  • https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
  • https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
  • https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
  • https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
  • https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
  • https://insertmedia.bing.office.net/odc/insertmedia
  • https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
  • https://lifecycle.office.com
  • https://login.microsoftonline.com/
  • https://login.windows-ppe.net/common/oauth2/authorize
  • https://login.windows.local
  • https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
  • https://login.windows.net/common/oauth2/authorize
  • https://loki.delve.office.com/api/v1/configuration/officewin32/
  • https://lookup.onenote.com/lookup/geolocation/v1
  • https://management.azure.com
  • https://management.azure.com/
  • https://messaging.office.com/
  • https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
  • https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
  • https://ncus.contentsync.
  • https://ncus.pagecontentsync.
  • https://o365auditrealtimeingestion.manage.office.com
  • https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
  • https://o365diagnosticsppe-web.cloudapp.net
  • https://ocos-office365-s2s.msedge.net/ab
  • https://ofcrecsvcapi-int.azurewebsites.net/
  • https://officeapps.live.com
  • https://officeci.azurewebsites.net/api/
  • https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
  • https://officesetup.getmicrosoftkey.com
  • https://ogma.osi.office.net/TradukoApi/api/v1.0/
  • https://omex.cdn.office.net/addinclassifier/officeentities
  • https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
  • https://onedrive.live.com
  • https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
  • https://onedrive.live.com/embed?
  • https://outlook.office.com/
  • https://outlook.office.com/autosuggest/api/v1/init?cvid=
  • https://outlook.office365.com/
  • https://outlook.office365.com/api/v1.0/me/Activities
  • https://outlook.office365.com/autodiscover/autodiscover.json
  • https://ovisualuiapp.azurewebsites.net/pbiagave/
  • https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
  • https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
  • https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
  • https://portal.office.com/account/?ref=ClientMeControl
  • https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
  • https://powerlift-frontdesk.acompli.net
  • https://powerlift.acompli.net
  • https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
  • https://prod-global-autodetect.acompli.net/autodetect
  • https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
  • https://res.getmicrosoftkey.com/api/redemptionevents
  • https://rpsticket.partnerservices.getmicrosoftkey.com
  • https://settings.outlook.com
  • https://shell.suite.office.com:1443
  • https://skyapi.live.net/Activity/
  • https://sr.outlook.office.net/ws/speech/recognize/assistant/work
  • https://staging.cortana.ai
  • https://storage.live.com/clientlogs/uploadlocation
  • https://store.office.cn/addinstemplate
  • https://store.office.com/?productgroup=Outlook
  • https://store.office.com/addinstemplate
  • https://store.office.de/addinstemplate
  • https://store.officeppe.com/addinstemplate
  • https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
  • https://tasks.office.com
  • https://templatelogging.office.com/client/log
  • https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
  • https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
  • https://visio.uservoice.com/forums/368202-visio-on-devices
  • https://web.microsoftstream.com/video/
  • https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
  • https://webshell.suite.office.com
  • https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
  • https://wus2.contentsync.
  • https://wus2.pagecontentsync.
  • https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
  • https://www.odwebp.svc.ms
Source: classification engine | Classification label: clean0.winXLSX@1/2@0/0
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\{8720B8F7-2587-46B1-8580-A2DC3C0F0D79} - OProcSessId.dat
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File read: C:\Users\desktop.ini
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx | Initial sample: OLE zip file paths (one entry per path):

  • xl/worksheets/_rels/sheet2.xml.rels
  • xl/printerSettings/printerSettings2.bin
  • xl/calcChain.xml
  • customXml/item2.xml
  • customXml/itemProps2.xml
  • customXml/item3.xml
  • customXml/itemProps3.xml
  • docProps/custom.xml
  • customXml/_rels/item2.xml.rels
  • customXml/_rels/item3.xml.rels
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX (6 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (1 occurrence)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX (6 occurrences)

Mitre Att&ck Matrix

Tactic: techniques shown in the matrix (a number in parentheses is the count of matched signatures for that technique):

  • Initial Access: Valid Accounts; Default Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job
  • Persistence: Path Interception; Boot or Logon Initialization Scripts
  • Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts
  • Defense Evasion: Masquerading (1); Rootkit
  • Credential Access: OS Credential Dumping; LSASS Memory
  • Discovery: File and Directory Discovery (1); System Information Discovery (1)
  • Lateral Movement: Remote Services; Remote Desktop Protocol
  • Collection: Data from Local System; Data from Removable Media
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
  • Command and Control: Data Obfuscation; Junk Data
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization
  • Impact: Modify System Partition; Device Lockout

Behavior Graph

Legend (graph image not included): Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label

https://cdn.entity. | 0% | URL Reputation | safe
https://powerlift.acompli.net | 0% | URL Reputation | safe
https://rpsticket.partnerservices.getmicrosoftkey.com | 0% | URL Reputation | safe
https://cortana.ai | 0% | URL Reputation | safe
https://api.aadrm.com/ | 0% | URL Reputation | safe
https://ofcrecsvcapi-int.azurewebsites.net/ | 0% | Virustotal | (none)
https://ofcrecsvcapi-int.azurewebsites.net/ | 0% | Avira URL Cloud | safe
https://res.getmicrosoftkey.com/api/redemptionevents | 0% | URL Reputation | safe
https://powerlift-frontdesk.acompli.net | 0% | URL Reputation | safe
https://officeci.azurewebsites.net/api/ | 0% | Virustotal | (none)
https://officeci.azurewebsites.net/api/ | 0% | Avira URL Cloud | safe
https://store.office.cn/addinstemplate | 0% | URL Reputation | safe
https://store.officeppe.com/addinstemplate | 0% | URL Reputation | safe
https://dev0-api.acompli.net/autodetect | 0% | URL Reputation | safe
https://www.odwebp.svc.ms | 0% | URL Reputation | safe
https://dataservice.o365filtering.com/ | 0% | URL Reputation | safe
https://officesetup.getmicrosoftkey.com | 0% | URL Reputation | safe
https://prod-global-autodetect.acompli.net/autodetect | 0% | URL Reputation | safe
https://ncus.contentsync. | 0% | URL Reputation | safe
https://apis.live.net/v5.0/ | 0% | URL Reputation | safe
https://wus2.contentsync. | 0% | URL Reputation | safe
https://asgsmsproxyapi.azurewebsites.net/ | 0% | Virustotal | (none)
https://asgsmsproxyapi.azurewebsites.net/ | 0% | Avira URL Cloud | safe
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile | 0% | URL Reputation | safe
https://ncus.pagecontentsync. | 0% | URL Reputation | safe
https://skyapi.live.net/Activity/ | 0% | URL Reputation | safe
https://dataservice.o365filtering.com | 0% | URL Reputation | safe
https://api.cortana.ai | 0% | URL Reputation | safe
https://ovisualuiapp.azurewebsites.net/pbiagave/ | 0% | Avira URL Cloud | safe
https://directory.services. | 0% | URL Reputation | safe
https://staging.cortana.ai | 0% | URL Reputation | safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown

                                                                                                                                                  Contacted IPs

                                                                                                                                                  No contacted IP infos

                                                                                                                                                  General Information

                                                                                                                                                  Joe Sandbox Version:31.0.0 Emerald
                                                                                                                                                  Analysis ID:367670
                                                                                                                                                  Start date:11.03.2021
                                                                                                                                                  Start time:23:11:31
                                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                                  Overall analysis duration:0h 9m 57s
                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                  Report type:light
                                                                                                                                                  Sample file name:Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx
                                                                                                                                                  Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                  Run name:Potential for more IOCs and behavior
Number of new started processes analysed:35
                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • HDC enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Detection:CLEAN
                                                                                                                                                  Classification:clean0.winXLSX@1/2@0/0
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Adjust boot time
                                                                                                                                                  • Enable AMSI
                                                                                                                                                  • Found application associated with file extension: .xlsx
                                                                                                                                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                  • Attach to Office via COM
                                                                                                                                                  • Scroll down
                                                                                                                                                  • Close Viewer
                                                                                                                                                  Warnings:
                                                                                                                                                  Show All
                                                                                                                                                  • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, RuntimeBroker.exe, backgroundTaskHost.exe, UsoClient.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, MusNotifyIcon.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 104.43.193.48, 52.147.198.201, 52.255.188.83, 13.64.90.137, 52.109.76.68, 52.109.8.22, 52.109.12.23, 52.109.12.24, 13.107.5.88, 13.107.42.23, 51.104.144.132, 184.30.24.56, 20.54.26.129, 2.20.142.210, 2.20.142.209, 92.122.213.194, 92.122.213.247, 52.155.217.156, 20.190.160.73, 20.190.160.2, 20.190.160.4, 20.190.160.136, 20.190.160.71, 20.190.160.67, 20.190.160.129, 20.190.160.134, 51.11.168.232, 51.104.136.2, 51.11.168.160
                                                                                                                                                  • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, www.tm.a.prd.aadg.trafficmanager.net, login.live.com, audownload.windowsupdate.nsatc.net, officeclient.microsoft.com, watson.telemetry.microsoft.com, au-bg-shim.trafficmanager.net, afdo-tas-offload.trafficmanager.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, db3p-ris-pf-prod-atm.trafficmanager.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcolcus15.cloudapp.net, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, europe.configsvc1.live.com.akadns.net, au.download.windowsupdate.com.edgesuite.net, prod-w.nexus.live.com.akadns.net, client-office365-tas.msedge.net, ocos-office365-s2s.msedge.net, config.edge.skype.com.trafficmanager.net, e-0009.e-msedge.net, config-edge-skype.l-0014.l-msedge.net, l-0014.config.skype.com, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, nexus.officeapps.live.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, prod.configsvc1.live.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, a767.dscg3.akamai.net, login.msa.msidentity.com, skypedataprdcoleus16.cloudapp.net, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, skypedataprdcoleus17.cloudapp.net, config.officeapps.live.com, l-0014.l-msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, ams2.current.a.prd.aadg.trafficmanager.net
                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                                                                                  Simulations

                                                                                                                                                  Behavior and APIs

                                                                                                                                                  No simulations

                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                  IPs

                                                                                                                                                  No context

                                                                                                                                                  Domains

                                                                                                                                                  No context

                                                                                                                                                  ASN

                                                                                                                                                  No context

                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                  No context

                                                                                                                                                  Dropped Files

                                                                                                                                                  No context

                                                                                                                                                  Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\30DA7D9D-F2FB-48C1-B37D-CC74CE9E73CD
Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):132935
Entropy (8bit):5.376872171380054
Encrypted:false
SSDEEP:1536:TcQceNquBXA3gBwJpQ9DQW+zA9H34ZldpKWXboOilXNErLdREh:bcQ9DQW+zUXiY
MD5:0034D303EF90192987DF24F8CAF725BB
SHA1:37A9B066F59326F9A83A0D7EF598B97EBDA9142D
SHA-256:56E36C6D2F6CCEA96DF17E68EC16C3F83889B934EFD037ED39A64BF4933B240A
SHA-512:D16594D13BBA9D2D7764E31C153EAEE1EDEDB8A7F39B838551C8C599C187321F32E43C879DF5DF7DCA121DAFB99CB012801F9BC4C92B440EC2AAD7B156EEA2A0
Malicious:false
Reputation:low
Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-03-11T22:12:20">.. Build: 16.0.13910.30528-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
Note: this is Office's own web-service configuration (an o:OfficeConfig document) that Excel downloads from officeclient.microsoft.com at startup and caches under WebServiceCache. Every URL the report lists with source "30DA7D9D-F2FB-48C1-B37D-CC74CE9E73CD.0.dr" was read from this cache file, not from the sample workbook, which is why they are all Microsoft service endpoints with safe reputations.
C:\Users\user\Desktop\~$Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx
Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):165
Entropy (8bit):1.6081032063576088
Encrypted:false
SSDEEP:3:RFXI6dtt:RJ1
MD5:7AB76C81182111AC93ACF915CA8331D5
SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
Malicious:false
Reputation:high, very likely benign file
Preview: .pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Note: the "~$" prefix marks Excel's owner (lock) file, which Excel writes next to any workbook it opens and deletes on close. Its content is the Office user name configured on the machine that opened the workbook (here the sandbox image, stored once in ANSI and once in UTF-16), not data from the sample; it is expected for a clean document and carries no indicator value on its own.

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:Microsoft Excel 2007+
                                                                                                                                                  Entropy (8bit):7.610913327812838
                                                                                                                                                  TrID:
                                                                                                                                                  • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
                                                                                                                                                  • ZIP compressed archive (8000/1) 16.67%
                                                                                                                                                  File name:Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx
                                                                                                                                                  File size:39748
                                                                                                                                                  MD5:8ea35bdf2130db8f534db290aaceb9d0
                                                                                                                                                  SHA1:ef23db1561ad4a51f3a3ba45e591a0ece7eff702
                                                                                                                                                  SHA256:f0ffa6cda325df3c792de8f50f1fba7611c53731588d107bc40a8351d12d7da8
                                                                                                                                                  SHA512:3d4a5cc53e70f13ec766424057d38f242576fabcfa98083f60a131d3396403d4ca0f35ff1a86dc2b18464e0232e06f6ca257a22f0cc7149e9165f70cdbd85e54
                                                                                                                                                  SSDEEP:768:vU4jvnTUafBbF0OMYDBPfF5hYU7XDYehxPuGsyEj35Jv0as3FP:vU4zTR5PfF5N7XMsxPuGs5v8asl
                                                                                                                                                  File Content Preview:PK..........!..B|{............[Content_Types].xml ...(.........................................................................................................................................................................................................
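The static file info above is what the sandbox derives before the sample is ever opened: the container type (TrID reports both an OOXML workbook and a ZIP archive because an .xlsx is a ZIP package), the four hashes, and the ZIP-typical high entropy. The following script is an added example, not Joe Sandbox code, of doing that same static triage by hand and going one step further than the report prints: it opens the package and looks for the parts that would make a workbook more than a container of cells (a VBA project, external workbook links, embedded OLE objects, ActiveX controls) and for a macro-enabled main content type. The workbook bytes are constructed in memory so the script runs offline; the part names and content types come from the OOXML package layout, and the "verdict" wording is this example's own.

```python
"""Static triage of an Office Open XML workbook: container check, hashes,
and a scan for active-content parts. Added example, not Joe Sandbox code."""
import hashlib
import io
import zipfile

# Standard OOXML part locations that carry active content (ECMA-376 layout).
ACTIVE_CONTENT_MARKERS = {
    "xl/vbaProject.bin": "VBA macro project",
    "xl/externalLinks/": "external workbook link",
    "xl/embeddings/": "embedded OLE object",
    "xl/activeX/": "ActiveX control",
}
CT_MACRO = "application/vnd.ms-excel.sheet.macroEnabled.main+xml"
CT_PLAIN = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"


def hashes(data: bytes) -> dict:
    """The same digests the report prints, so a local copy can be matched to it."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def triage(data: bytes) -> dict:
    """Identify the container, list its parts and flag active content."""
    result = {"container": "", "hashes": hashes(data), "parts": [], "findings": []}
    if not data.startswith(b"PK\x03\x04"):          # ZIP local file header magic
        result["container"] = "not a ZIP container"
        result["verdict"] = "needs review (unexpected container)"
        return result
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["container"] = "corrupt ZIP container"
        result["verdict"] = "needs review (corrupt container)"
        return result
    names = zf.namelist()
    result["parts"] = names
    is_workbook = "[Content_Types].xml" in names and "xl/workbook.xml" in names
    result["container"] = ("Microsoft Excel 2007+ (OOXML workbook)" if is_workbook
                           else "ZIP archive (not an OOXML workbook)")
    if is_workbook and CT_MACRO in zf.read("[Content_Types].xml").decode("utf-8", "replace"):
        result["findings"].append("content type declares macro-enabled workbook")
    for name in names:
        for marker, desc in ACTIVE_CONTENT_MARKERS.items():
            if name == marker or name.startswith(marker):
                result["findings"].append(f"{desc}: {name}")
    result["verdict"] = ("clean (no active content found)" if not result["findings"]
                         else "needs review")
    return result


def build_sample_xlsx(with_macro: bool = False) -> bytes:
    """Constructed test input: a minimal workbook package built in memory."""
    main_ct = CT_MACRO if with_macro else CT_PLAIN
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        + ('<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>' if with_macro else "")
        + f'<Override PartName="/xl/workbook.xml" ContentType="{main_ct}"/>'
        '<Override PartName="/xl/worksheets/sheet1.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml"/>'
        "</Types>"
    )
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="xl/workbook.xml"/>'
            "</Relationships>")
    workbook = ('<?xml version="1.0" encoding="UTF-8"?>'
                '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
                '<sheets><sheet name="Sheet1" sheetId="1"/></sheets></workbook>')
    sheet = ('<?xml version="1.0" encoding="UTF-8"?>'
             '<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
             '<sheetData><row r="1"><c r="A1" t="inlineStr"><is><t>Name</t></is></c></row></sheetData>'
             "</worksheet>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("_rels/.rels", rels)
        zf.writestr("xl/workbook.xml", workbook)
        zf.writestr("xl/worksheets/sheet1.xml", sheet)
        if with_macro:
            # Placeholder bytes only; a real part is an OLE compound file (D0 CF 11 E0 magic).
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 12)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("plain", build_sample_xlsx()), ("macro", build_sample_xlsx(True))):
        r = triage(blob)
        print(label, r["container"], r["hashes"]["sha256"][:16], r["findings"], r["verdict"])
```

To use this on a real sample, read the file's bytes instead of calling build_sample_xlsx and compare the returned hashes with the MD5/SHA256 in the report before trusting that you are looking at the same object. A clean verdict from this scan means only that no macro, external link, OLE or ActiveX part is present; it does not cover DDE-style formulas in cell data or a malformed package crafted to confuse parsers, which is why the sandbox still opens the file under instrumentation.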

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:74ecd0d2d6d6d0dc

                                                                                                                                                  Network Behavior

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 11, 2021 23:12:09.128202915 CET | 49199 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:09.177298069 CET | 53 | 49199 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:10.068433046 CET | 50620 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:10.117180109 CET | 53 | 50620 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:10.932661057 CET | 64938 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:10.984632969 CET | 53 | 64938 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:11.774971008 CET | 60152 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:11.838653088 CET | 53 | 60152 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:12.579713106 CET | 57544 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:12.631532907 CET | 53 | 57544 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:13.852642059 CET | 55984 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:13.901542902 CET | 53 | 55984 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:17.325625896 CET | 64185 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:17.383234024 CET | 53 | 64185 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:19.636039019 CET | 65110 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:19.686779022 CET | 53 | 65110 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:20.554193974 CET | 58361 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:20.615655899 CET | 53 | 58361 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:21.064934015 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:21.125776052 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:21.165080070 CET | 60831 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:21.216703892 CET | 53 | 60831 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:22.069482088 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:22.130136013 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:22.799809933 CET | 60100 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:22.848675966 CET | 53 | 60100 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:23.084667921 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:23.142832994 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:23.581928968 CET | 53195 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:23.633292913 CET | 53 | 53195 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:24.533979893 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:24.596015930 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:25.084990978 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:25.144859076 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3
Mar 11, 2021 23:12:25.678518057 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8
Mar 11, 2021 23:12:25.730268955 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3
Every packet listed is a DNS query from the analysis VM (192.168.2.3) to its resolver 8.8.8.8 on port 53, followed by the matching response; source port 63492 is reused for four of the queries. No other UDP traffic and no TCP connections are recorded, which is consistent with "No contacted IP infos" above and with the resolved names belonging to the whitelisted Microsoft and Office domains excluded from analysis.
                                                                                                                                                  Mar 11, 2021 23:12:26.496941090 CET4956353192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:26.546093941 CET53495638.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:12:27.435349941 CET5135253192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:27.487066031 CET53513528.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:12:28.380613089 CET5934953192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:28.432461023 CET53593498.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:12:29.085520029 CET6349253192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:29.142644882 CET53634928.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:12:29.565123081 CET5708453192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:29.613910913 CET53570848.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:12:38.613106012 CET5872253192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:38.613306046 CET5659653192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:38.613593102 CET6410153192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:38.662883043 CET53565968.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:12:38.662931919 CET53587228.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:12:38.663022041 CET53641018.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:12:41.699800014 CET5882353192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:41.748889923 CET53588238.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:12:47.999824047 CET5756853192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:12:48.074980021 CET53575688.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:13:00.075611115 CET5054053192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:13:00.147691965 CET53505408.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:13:03.727189064 CET5436653192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:13:03.788531065 CET53543668.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:13:16.540268898 CET5303453192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:13:16.589169979 CET53530348.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:13:20.437691927 CET5776253192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:13:20.496027946 CET53577628.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:13:51.038331032 CET5543553192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:13:51.088687897 CET53554358.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:13:53.266627073 CET5071353192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:13:53.325334072 CET53507138.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:04.056749105 CET5613253192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:04.117050886 CET53561328.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:04.662067890 CET5898753192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:04.716082096 CET53589878.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:05.212896109 CET5657953192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:05.264775038 CET53565798.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:05.733150005 CET6063353192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:05.794796944 CET53606338.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:07.141902924 CET6129253192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:07.199548960 CET53612928.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:09.054490089 CET6361953192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:09.111910105 CET53636198.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:09.535917044 CET6493853192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:09.596043110 CET53649388.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:10.297432899 CET6194653192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:10.349575043 CET53619468.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:11.195591927 CET6491053192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:11.247353077 CET53649108.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:15:11.721596956 CET5212353192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:15:11.778733969 CET53521238.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:17:03.938091040 CET5613053192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:17:03.987173080 CET53561308.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:17:04.588794947 CET5633853192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:17:04.659966946 CET53563388.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:17:08.171833038 CET5942053192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:17:08.239432096 CET53594208.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:17:11.290580034 CET5878453192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:17:11.339584112 CET53587848.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:17:11.668322086 CET6397853192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:17:11.734949112 CET53639788.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:19:23.236373901 CET6293853192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:19:23.288224936 CET53629388.8.8.8192.168.2.3
                                                                                                                                                  Mar 11, 2021 23:19:57.424484968 CET5570853192.168.2.38.8.8.8
                                                                                                                                                  Mar 11, 2021 23:19:57.491698027 CET53557088.8.8.8192.168.2.3

DNS Answers

Timestamp: Mar 11, 2021 23:17:03.987173080 CET
Source IP: 8.8.8.8
Dest IP: 192.168.2.3
Trans ID: 0x12d2
Reply Code: No error (0)
Name: prda.aadg.msidentity.com
CName: www.tm.a.prd.aadg.trafficmanager.net
Address:
Type: CNAME (Canonical name)
Class: IN (0x0001)

Code Manipulations

Statistics

System Behavior

General

Start time: 23:12:18
Start date: 11/03/2021
Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Imagebase: 0xf0000
File size: 27110184 bytes
MD5 hash: 5D6638F2C8F8571C593999C58866007E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Disassembly