IOC Report

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Contract_132508562.xlsm | Microsoft Excel 2007+ | initial sample | malicious |
| C:\Users\user\Desktop\~$Contract_132508562.xlsm | data | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\78389088.gif | GIF image data, version 89a, 1600 x 1600 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\31CE0000 | data | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Contract_132508562.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:11 2020, mtime=Tue Apr 6 20:09:34 2021, atime=Tue Apr 6 20:09:34 2021, length=178366, window=hide | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Tue Apr 6 20:09:34 2021, atime=Tue Apr 6 20:09:34 2021, length=8192, window=hide | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | dropped | clean |
| C:\Users\user\Desktop\E1CE0000 | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8774CB2F-B9EB-437C-9D99-9955AED5AE53 | XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1212CD17.gif | GIF image data, version 89a, 1600 x 1600 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\D5A40000 | data | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | Little-endian UTF-16 Unicode text, with CR line terminators | dropped | clean |
| C:\Users\user\Desktop\76A40000 | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\46F474E4.gif | GIF image data, version 89a, 1600 x 1600 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\A4DE0000 | data | dropped | clean |
| C:\Users\user\Desktop\55DE0000 | data | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding | malicious |
| C:\Windows\System32\rundll32.exe | rundll32 ..\Hodas.vyur,PluginInit | malicious |
| C:\Windows\System32\rundll32.exe | rundll32 ..\Hodas.vyur1,PluginInit | malicious |
| C:\Windows\System32\rundll32.exe | rundll32 ..\Hodas.vyur2,PluginInit | malicious |
| C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32 ..\Hodas.vyur,PluginInit | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32 ..\Hodas.vyur1,PluginInit | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32 ..\Hodas.vyur2,PluginInit | malicious |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://185.212.131.194/44285,5327891204.dat | 185.212.131.194 | malicious |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 83.136.232.110 | unknown | Russian Federation | clean |
| 190.14.37.247 | unknown | Panama | clean |
| 185.212.131.194 | unknown | Germany | clean |

Registry


Memdumps
