
Analysis Report Coronavirus pandemic.docx

Overview

General Information

Sample Name: Coronavirus pandemic.docx
Analysis ID: 383148
MD5: 8f525ec48db9a3caea17354f5113beb8
SHA1: 8b1792b84b70053532ab34b8d62659d1d531affc
SHA256: 42566c5d227dff870976653176f6497eef50bbc0397b8c0507c2801e38ac210a
Tags: docx

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Startup

  • System is w10x64
  • WINWORD.EXE (PID: 1008 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures; the full list of signature results follows.

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.aadrm.com/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.addins.store.office.com/app/query
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.cortana.ai
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.diagnostics.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.diagnosticssdf.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.microsoftstream.com/api/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.office.net
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.onedrive.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://apis.live.net/v5.0/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://augloop.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://augloop.office.com/v2
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://cdn.entity.
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://clients.config.office.net/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://config.edge.skype.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://cortana.ai
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://cortana.ai/api
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://cr.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://dataservice.o365filtering.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://dataservice.o365filtering.com/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://dev.cortana.ai
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://devnull.onenote.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://directory.services.
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://entitlement.diagnostics.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://graph.ppe.windows.net
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://graph.ppe.windows.net/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://graph.windows.net
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://graph.windows.net/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://incidents.diagnostics.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://lifecycle.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://login.microsoftonline.com/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://login.windows.local
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://management.azure.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://management.azure.com/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://messaging.office.com/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://ncus.contentsync.
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://ncus.pagecontentsync.
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://officeapps.live.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://onedrive.live.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://onedrive.live.com/embed?
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://outlook.office.com/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://outlook.office365.com/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://powerlift.acompli.net
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://settings.outlook.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://shell.suite.office.com:1443
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://skyapi.live.net/Activity/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://staging.cortana.ai
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://store.office.cn/addinstemplate
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://store.office.com/?productgroup=Outlook
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://store.office.com/addinstemplate
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://store.office.de/addinstemplate
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://store.officeppe.com/addinstemplate
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://tasks.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://templatelogging.office.com/client/log
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://web.microsoftstream.com/video/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://webshell.suite.office.com
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://wus2.contentsync.
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://wus2.pagecontentsync.
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | String found in binary or memory: https://www.odwebp.svc.ms
Source: classification engine | Classification label: clean0.winDOCX@1/8@0/0
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\{ADDA6F1E-4918-4337-B3F3-AD620D490686} - OProcSessId.dat
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File read: C:\Users\desktop.ini
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX (this entry is repeated 65 times in the report)
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Masquerading (1) | OS Credential Dumping | File and Directory Discovery (1) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | System Information Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source: Coronavirus pandemic.docx | Detection: 0% | Scanner: Virustotal

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs


Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://api.diagnosticssdf.office.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
    high
    https://login.microsoftonline.com/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
      high
      https://shell.suite.office.com:1443A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
        high
        https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorizeA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
          high
          https://autodiscover-s.outlook.com/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
            high
            https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
              high
              https://cdn.entity.A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              unknown
              https://api.addins.omex.office.net/appinfo/queryA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                high
                https://clients.config.office.net/user/v1.0/tenantassociationkeyA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                  high
                  https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                    high
                    https://powerlift.acompli.netA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    unknown
                    https://rpsticket.partnerservices.getmicrosoftkey.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    unknown
                    https://lookup.onenote.com/lookup/geolocation/v1A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                      high
                      https://cortana.aiA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      unknown
                      https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                        high
                        https://cloudfiles.onenote.com/upload.aspxA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                          high
                          https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                            high
                            https://entitlement.diagnosticssdf.office.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                              high
                              https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicyA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                high
                                https://api.aadrm.com/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://ofcrecsvcapi-int.azurewebsites.net/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                • 0%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                unknown
                                https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                  high
                                  https://api.microsoftstream.com/api/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                    high
                                    https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                      high
                                      https://cr.office.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                        high
                                        https://portal.office.com/account/?ref=ClientMeControlA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                          high
                                          https://ecs.office.com/config/v2/OfficeA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                            high
                                            https://graph.ppe.windows.netA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                              high
                                              https://res.getmicrosoftkey.com/api/redemptioneventsA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              https://powerlift-frontdesk.acompli.netA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              https://tasks.office.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                high
                                                https://officeci.azurewebsites.net/api/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://sr.outlook.office.net/ws/speech/recognize/assistant/workA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                  high
                                                  https://store.office.cn/addinstemplateA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://outlook.office.com/autosuggest/api/v1/init?cvid=A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                    high
                                                    https://globaldisco.crm.dynamics.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                      high
                                                      https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                        high
                                                        https://store.officeppe.com/addinstemplateA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://dev0-api.acompli.net/autodetectA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://www.odwebp.svc.msA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://api.powerbi.com/v1.0/myorg/groupsA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                          high
                                                          https://web.microsoftstream.com/video/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                            high
                                                            https://graph.windows.netA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                              high
                                                              https://dataservice.o365filtering.com/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://officesetup.getmicrosoftkey.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://analysis.windows.net/powerbi/apiA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                high
                                                                https://prod-global-autodetect.acompli.net/autodetectA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://outlook.office365.com/autodiscover/autodiscover.jsonA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                  high
                                                                  https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                    high
                                                                    https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                      high
                                                                      https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                        high
                                                                        https://ncus.contentsync.A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                          high
                                                                          https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                            high
                                                                            http://weather.service.msn.com/data.aspxA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                              high
                                                                              https://apis.live.net/v5.0/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                high
                                                                                https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                  high
                                                                                  https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                    high
                                                                                    https://management.azure.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                      high
                                                                                      https://wus2.contentsync.A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://incidents.diagnostics.office.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                        high
                                                                                        https://clients.config.office.net/user/v1.0/iosA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                          high
                                                                                          https://insertmedia.bing.office.net/odc/insertmediaA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                            high
                                                                                            https://o365auditrealtimeingestion.manage.office.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                              high
                                                                                              https://outlook.office365.com/api/v1.0/me/ActivitiesA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                high
                                                                                                https://api.office.netA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                  high
                                                                                                  https://incidents.diagnosticssdf.office.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                    high
                                                                                                    https://asgsmsproxyapi.azurewebsites.net/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                    • 0%, Virustotal, Browse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://clients.config.office.net/user/v1.0/android/policiesA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                      high
                                                                                                      https://entitlement.diagnostics.office.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                        high
                                                                                                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                          high
                                                                                                          https://outlook.office.com/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                            high
                                                                                                            https://storage.live.com/clientlogs/uploadlocationA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                              high
                                                                                                              https://templatelogging.office.com/client/logA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                                high
                                                                                                                https://outlook.office365.com/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                                  high
                                                                                                                  https://webshell.suite.office.comA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                                    high
                                                                                                                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                                      high
                                                                                                                      https://management.azure.com/A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                                        high
                                                                                                                        https://login.windows.net/common/oauth2/authorizeA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                                          high
                                                                                                                          https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFileA354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.drfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
URL | Source | Malicious | Reputation
https://graph.windows.net/ | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://api.powerbi.com/beta/myorg/imports | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://devnull.onenote.com | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://ncus.pagecontentsync. | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | URL Reputation: safe (4 results); overall: unknown
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://messaging.office.com/ | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://augloop.office.com/v2 | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://skyapi.live.net/Activity/ | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | URL Reputation: safe (4 results); overall: unknown
https://clients.config.office.net/user/v1.0/mac | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://dataservice.o365filtering.com | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | URL Reputation: safe (4 results); overall: unknown
https://api.cortana.ai | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | URL Reputation: safe (4 results); overall: unknown
https://onedrive.live.com | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://ovisualuiapp.azurewebsites.net/pbiagave/ | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | Avira URL Cloud: safe; overall: unknown
https://visio.uservoice.com/forums/368202-visio-on-devices | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://directory.services. | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | URL Reputation: safe (3 results); overall: unknown
https://login.windows-ppe.net/common/oauth2/authorize | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | high
https://staging.cortana.ai | A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr | false | URL Reputation: safe (3 results); overall: unknown

Note: every URL in this table is attributed to A354DBD0-A08D-422F-90A3-E85F18D7B7BE.0.dr, the Office web-service configuration that WINWORD.EXE cached from officeclient.microsoft.com (see Created / dropped Files below), not to the sample itself. Two entries (https://ncus.pagecontentsync. and https://directory.services.) are truncated exactly as the string extractor recovered them.

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:31.0.0 Emerald
Analysis ID:383148
Start date:07.04.2021
Start time:10:43:47
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 3m 59s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:Coronavirus pandemic.docx
Cookbook file name:defaultwindowsofficecookbook.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:Potential for more IOCs and behavior
Number of new started processes analysed:18
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean0.winDOCX@1/8@0/0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .docx
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.54.113.53, 204.79.197.200, 13.107.21.200, 40.88.32.150, 104.42.151.234, 52.109.88.177, 52.109.12.23, 52.109.8.25, 13.88.21.125, 104.43.193.48, 20.82.210.154, 95.100.54.203, 93.184.221.240, 51.103.5.159, 52.255.188.83, 104.43.139.144, 23.10.249.26, 23.10.249.43, 20.54.26.129, 20.50.102.62
• Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, wns.notify.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, nexus.officeapps.live.com, arc.trafficmanager.net, officeclient.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, europe.configsvc1.live.com.akadns.net

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A354DBD0-A08D-422F-90A3-E85F18D7B7BE
Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):133170
Entropy (8bit):5.3710169286179985
Encrypted:false
SSDEEP:1536:TcQIeNquBXA3gBwqpQ9DQW+zAM34ZldpKWXboOilXNErLdME9:vVQ9DQW+zTXiJ
MD5:514F7BF0F0A3FF8E9593EC5C557CB5FC
SHA1:B49C00B20EFA49DE351C827036EDE3EC3AB8533F
SHA-256:18F1C4509CAC7A843DED8EBBEBA87AD889EFB61C84285CB9EF5935C74FEC8E38
SHA-512:60FD0595D09D5C3A19AB38D5B11327C43CA3909F62276C56760A0DB9D3EDD3E24310A94A5186B69E54DEC0AF092CD80CDCD2DB634CFDCA45E5A360CADE9995C4
Malicious:false
Reputation:low
Preview (CRLF line breaks restored, the report renders them as dots; the preview is truncated in the original):
<?xml version="1.0" encoding="utf-8"?>
<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">
  <o:services o:GenerationTime="2021-04-07T08:44:32">
    <!-- Build: 16.0.13925.30526-->
    <o:default>
      <o:ticket o:headerName="Authorization" o:headerValue="{}" />
    </o:default>
    <o:service o:name="Research">
      <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>
    </o:service>
    <o:service o:name="ORedir">
      <o:url>https://o15.officeredir.microsoft.com/r</o:url>
    </o:service>
    <o:service o:name="ORedirSSL">
      <o:url>https://o15.officeredir.microsoft.com/r</o:url>
    </o:service>
    <o:service o:name="ClViewClientHelpId">
      <o:url>https://[MAX.BaseHost]/client/results</o:url>
    </o:service>
    <o:service o:name="ClViewClientHome">
      <o:url>https://[MAX.BaseHost]/client/results</o:url>
    </o:service>
    <o:service o:name="ClViewClientTemplate">
      <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>
    </o:service>
    <o:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{099D4456-906F-4297-A267-395210B4A021}.tmp
Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):8704
Entropy (8bit):3.643235732815873
Encrypted:false
SSDEEP:96:B/8txwIHlREaH5vWPW7wwn9VU0xrhSOn7q7xZjE/yCb3MiI15Gobr/eEBGP/YGc:5lIHlREaZe+7wwHRrUDHjE/yYA16c
MD5:CD99CDBE1544840CCF72278CC477D9F0
SHA1:E3BBB1829872159368BF3995BD6D208920084EDA
SHA-256:641F11A0953210C7AAB002FD67255D7919FEA327A972DF417471DD78B4BC80B1
SHA-512:2255DCF66CDEABB9FD17EC40837F500AFD97FFD8A7747B85E72B1396569317B5298C97051C20979AB38FF4BCB4E15D8A17240F2EBFE1D7908B8CBAF1184207CF
Malicious:false
Reputation:low
Preview (the file holds the document text as UTF-16LE; decoded here, the report renders every null and control byte as a dot; one non-ASCII punctuation character before "wear" is shown as a dash; the preview is truncated and its remainder is binary layout data):
UN Embrace Relief Fund
Congratulations to you, our lucky winner
As the world faces a stressful time with the Coronavirus pandemic, the message for all of us is clear - wear your facemask to avoid the spread of the virus. But here in the U.S., social
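The two dropped files above are the ones worth reading when a sandbox verdict is CLEAN: the WebServiceCache file is the OfficeConfig service list that Word fetches on launch (which is where every URL in the reputation table comes from), and the ~WRS scratch file carries the document text as UTF-16LE, which is where the lure wording is visible. The helper below is an added example for this report, not Joe Sandbox code. It parses a constructed OfficeConfig fragment shaped like the preview, separates unexpanded placeholders such as https://[MAX.BaseHost]/ from real hosts, classifies hosts against an assumed list of Office service suffixes, decodes a constructed ~WRS fragment, and flags assumed lure phrases; the suffix list, the lure terms and both sample inputs are assumptions made for the example.

```python
"""Triage helpers for the two kinds of artifact WINWORD.EXE dropped above.
Added example for this report, not Joe Sandbox code; inputs are constructed
to match the previews in the report and are not the real files."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = "urn:schemas-microsoft-com:office:office"

# Constructed stand-in for the OfficeConfig XML Word caches under
# WebServiceCache\AllUsers\officeclient.microsoft.com\<GUID>.
OFFICE_CONFIG_SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">
  <o:services o:GenerationTime="2021-04-07T08:44:32">
    <!-- Build: 16.0.13925.30526-->
    <o:default><o:ticket o:headerName="Authorization" o:headerValue="{}" /></o:default>
    <o:service o:name="Research">
      <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>
    </o:service>
    <o:service o:name="ClViewClientHelpId">
      <o:url>https://[MAX.BaseHost]/client/results</o:url>
    </o:service>
  </o:services>
</o:OfficeConfig>
"""

# Constructed stand-in for a ~WRS*.tmp fragment: Word scratch files hold the
# document text as UTF-16LE, followed by binary layout data.
WRS_TEXT = ("UN Embrace Relief Fund\r\rCongratulations to you, our lucky winner\r"
            "As the world faces a stressful time with the Coronavirus pandemic, "
            "the message for all of us is clear\rwear your facemask to avoid the "
            "spread of the virus. But here in the U.S., social ")
WRS_SAMPLE = (b"\x00\x00" + WRS_TEXT.encode("utf-16-le") + b"\x00" * 32
              + b"\x02\x00\x06\x00\x01\x00f\x00" + b"\x00" * 16)  # layout bytes

# Assumption for this example: suffixes of hosts Office itself talks to. A host
# outside the list is not "bad"; it simply is not explained by Office.
OFFICE_SUFFIXES = ("microsoft.com", "office.com", "office.net", "office365.com",
                   "live.com", "live.net", "windows.net", "windows-ppe.net",
                   "onenote.com", "bing.com", "msn.com", "outlook.com",
                   "o365filtering.com", "aadrm.com", "cortana.ai")
# Assumption: phrases typical of lottery / advance-fee lures.
LURE_TERMS = ("lucky winner", "congratulations", "relief fund", "claim your")


def office_service_urls(xml_bytes: bytes) -> list[tuple[str, str]]:
    """(service name, URL) pairs from an OfficeConfig document."""
    pairs = []
    for svc in ET.fromstring(xml_bytes).iter(f"{{{NS}}}service"):
        url = svc.find(f"{{{NS}}}url")
        if url is not None and url.text:
            pairs.append((svc.get(f"{{{NS}}}name", ""), url.text.strip()))
    return pairs


def classify_url(url: str) -> str:
    """'template' for unexpanded placeholders such as https://[MAX.BaseHost]/,
    'office-infrastructure' for hosts under OFFICE_SUFFIXES, else 'review'."""
    if "[" in url:  # urlsplit would reject [MAX.BaseHost] as a bad IPv6 literal
        return "template"
    host = (urlsplit(url).hostname or "").lower()
    if any(host == s or host.endswith("." + s) for s in OFFICE_SUFFIXES):
        return "office-infrastructure"
    return "review"


def decode_wrs_text(blob: bytes, min_run: int = 8) -> list[str]:
    """Readable runs (>= min_run printable chars) from a UTF-16LE ~WRS fragment;
    control characters and the binary tail split or drop out of the runs."""
    runs, cur = [], []
    for ch in blob.decode("utf-16-le", errors="ignore") + "\x00":  # sentinel
        if ch.isprintable():
            cur.append(ch)
            continue
        if len(cur) >= min_run:
            runs.append("".join(cur).strip())
        cur = []
    return runs


def lure_indicators(runs: list[str]) -> list[str]:
    """LURE_TERMS found in the recovered text, case-insensitively."""
    joined = " ".join(runs).lower()
    return [t for t in LURE_TERMS if t in joined]


if __name__ == "__main__":
    for name, url in office_service_urls(OFFICE_CONFIG_SAMPLE):
        print(f"{classify_url(url):22} {name:20} {url}")
    text = decode_wrs_text(WRS_SAMPLE)
    print(*text, sep="\n")
    print("lure indicators:", lure_indicators(text))
```

Run against the real artifacts, feed the cached OfficeConfig file and the ~WRS temp file to office_service_urls and decode_wrs_text instead of the constructed samples. A URL that classifies as "review" (for example a host under azurewebsites.net, shared Azure hosting) is not thereby malicious; it is simply not explained by Office's own configuration and deserves a look, which is the distinction the flat reputation table does not make.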
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B6869D89-96E9-49F0-B15B-63F168951986}.tmp
Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):1024
Entropy (8bit):0.05390218305374581
Encrypted:false
SSDEEP:3:ol3lYdn:4Wn
MD5:5D4D94EE7E06BBB0AF9584119797B23A
SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:false
Reputation:high, very likely benign file
Preview: 1024 non-printable bytes (the report renders each as a dot); the near-zero entropy is consistent with an almost entirely zero-filled buffer
C:\Users\user\AppData\Local\Temp\mso6491.tmp
Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:GIF image data, version 89a, 15 x 15
Category:dropped
Size (bytes):663
Entropy (8bit):5.949125862393289
Encrypted:false
SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
MD5:ED3C1C40B68BA4F40DB15529D5443DEC
SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                                                                                                                  SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                  Preview: GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Coronavirus pandemic.docx.LNK
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 14:03:41 2020, mtime=Wed Apr 7 16:44:32 2021, atime=Wed Apr 7 16:44:30 2021, length=15421, window=hide
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2220
                                                                                                                                                  Entropy (8bit):4.728089787574786
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:8NvfRNPjwRHnLaB6pNvfRNPjwRHnLaB6:8pvwFnLaKpvwFnLa
                                                                                                                                                  MD5:04C80E81AA3FCE7AAFBF73DCE4A5C149
                                                                                                                                                  SHA1:0A7FE0B08BD09B13246FA82EDBBF904463073CC3
                                                                                                                                                  SHA-256:289FC694520CE57851F80F0537ACCDA417A86C20E32F4C40CF19FC4944A1FDA4
                                                                                                                                                  SHA-512:8D1D4A17CFE327AB659A743D32AB05A48C8F152ABCC276D699C27EFD578987B9C46DCF6B4D26633B867A41F6ACE75ADC6C1E8B5F428572878BF81307BF36B9D2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: L..................F.... .....j.:....p...+...p]..+..=<...........................P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L...R......................:.....q|..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....>Qvx..user.<.......Ny..R.......S....................Y.N.h.a.r.d.z.....~.1.....>Qwx..Desktop.h.......Ny..R.......Y..............>.......6.D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2.=<...R.. .CORONA~1.DOC..d......>Qux.R......h.....................=.-.C.o.r.o.n.a.v.i.r.u.s. .p.a.n.d.e.m.i.c...d.o.c.x......._...............-.......^...........>.S......C:\Users\user\Desktop\Coronavirus pandemic.docx..0.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.C.o.r.o.n.a.v.i.r.u.s. .p.a.n.d.e.m.i.c...d.o.c.x.........:..,.LB.)...As...`.......X.......035347...........!a..%.H.VZAj...}..-.........-..!a..%.H.VZAj...}..-.........-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):115
                                                                                                                                                  Entropy (8bit):4.570921251306772
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:HtDiBVS+LviBVSmxWtDiBVSv:Ht2V7qVg2Vc
                                                                                                                                                  MD5:3ED8DDC4884897984D431AAACAB9E082
                                                                                                                                                  SHA1:B3D049D3771F3F8E5CF3D4F62DE40BCB30A04FC1
                                                                                                                                                  SHA-256:D41A55313423DA59273B0A0E25E3C8EF34F6470EAC164BB3C6B95484C5A995D8
                                                                                                                                                  SHA-512:CCA1CF36A8DE4488AAA86EB298AE7D5857C7274D44FD7BE2C4CE1577C762F34CDC1C99AB6398D4506FFFF078027BAF8081445FEB7BFD00CCC1C81643D994D47B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: [misc]..Coronavirus pandemic.docx.LNK=0..Coronavirus pandemic.docx.LNK=0..[misc]..Coronavirus pandemic.docx.LNK=0..
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):162
                                                                                                                                                  Entropy (8bit):3.2806617440194796
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Rl/Zd+LE7VlXtlSL19ilxV3AmLU+gn:RtZaEhW6h7gn
                                                                                                                                                  MD5:8F992AA56A789704E97825360E6ACC04
                                                                                                                                                  SHA1:72F49894D4FCA8CB6500A72DEB0D88443B9B1011
                                                                                                                                                  SHA-256:A0DF478FF7FD9C95C8CA6EC4E5C2188F69F799DF1ED39F7C392123A81F9370E4
                                                                                                                                                  SHA-512:130B4CC8BD3EE1764C54DD70F311F0D5CA03C50ADE7C66B7AC0A873B76FF001FCC612423AB94235B255E1DAFBAE9B1D3E7E6023F149CE49ECED330D1CAED035E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: .pratesh................................................p.r.a.t.e.s.h..................................................^.j@..jT..j`..jDB.jZR.j........8.9.8.9.8.9.
                                                                                                                                                  C:\Users\user\Desktop\~$ronavirus pandemic.docx
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):162
                                                                                                                                                  Entropy (8bit):3.2806617440194796
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Rl/Zd+LE7VlXtlSL19ilxV3AmLU+gn:RtZaEhW6h7gn
                                                                                                                                                  MD5:8F992AA56A789704E97825360E6ACC04
                                                                                                                                                  SHA1:72F49894D4FCA8CB6500A72DEB0D88443B9B1011
                                                                                                                                                  SHA-256:A0DF478FF7FD9C95C8CA6EC4E5C2188F69F799DF1ED39F7C392123A81F9370E4
                                                                                                                                                  SHA-512:130B4CC8BD3EE1764C54DD70F311F0D5CA03C50ADE7C66B7AC0A873B76FF001FCC612423AB94235B255E1DAFBAE9B1D3E7E6023F149CE49ECED330D1CAED035E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: .pratesh................................................p.r.a.t.e.s.h..................................................^.j@..jT..j`..jDB.jZR.j........8.9.8.9.8.9.

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:Microsoft Word 2007+
                                                                                                                                                  Entropy (8bit):7.360605033888312
                                                                                                                                                  TrID:
                                                                                                                                                  • Word Microsoft Office Open XML Format document (49504/1) 49.01%
                                                                                                                                                  • Word Microsoft Office Open XML Format document (43504/1) 43.07%
                                                                                                                                                  • ZIP compressed archive (8000/1) 7.92%
                                                                                                                                                  File name:Coronavirus pandemic.docx
                                                                                                                                                  File size:15421
                                                                                                                                                  MD5:8f525ec48db9a3caea17354f5113beb8
                                                                                                                                                  SHA1:8b1792b84b70053532ab34b8d62659d1d531affc
                                                                                                                                                  SHA256:42566c5d227dff870976653176f6497eef50bbc0397b8c0507c2801e38ac210a
                                                                                                                                                  SHA512:446a73cd4e72488f1e22831350b6e5ffa43865d36d26e37727a112356b156e9255d6f95cacf3b96b120cff9d227a6ae2a85435063ed822e06fd65535a6d69c74
                                                                                                                                                  SSDEEP:384:dzqi+t8BXgzhCtjn0i13LupzomoI3ntH3Qr+:oigIgQDv13KV/oI1P
                                                                                                                                                  File Content Preview:PK..........!.2.oWf...........[Content_Types].xml ...(.........................................................................................................................................................................................................
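The static fields above (ZIP-based Word 2007+ container, 8-bit entropy, MD5/SHA1/SHA256/SHA512) are what an analyst compares against before trusting a sandbox verdict. An entropy of 7.36 on a 15 KB file is ordinary for deflate-compressed OOXML and by itself says nothing about intent; the checks that matter for a .docx are whether it carries a VBA project part, whether any relationship points outside the archive (remote templates, linked objects), and whether the body contains DDE field codes. The following Python is an added example and not part of the Joe Sandbox report or of the analysed sample: it recomputes the report's static fields and runs those three checks over two constructed in-memory documents (the remote template URL `http://example.invalid/remote.dotm` and the part contents are hypothetical).

```python
import hashlib
import io
import math
import re
import zipfile
from collections import Counter

# Added example, not part of the sandbox report. Reproduces the report's static fields
# for a Word 2007+ file and adds three indicator checks: VBA project part, external
# relationship targets, and DDE field instructions.

WORD_MAIN_PART = "word/document.xml"
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, the measure reported as 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """Digests in the same set the report lists for every file."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def triage_docx(data: bytes) -> dict:
    """Static triage of an OOXML document held in memory."""
    result = {
        "is_zip": zipfile.is_zipfile(io.BytesIO(data)),
        "entropy": round(shannon_entropy(data), 3),
        "macro_part": False,
        "external_targets": [],
        "dde_fields": False,
        **file_hashes(data),
    }
    if not result["is_zip"]:
        return result  # Word 2007+ files are ZIP containers; anything else is not a .docx
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # vbaProject.bin is the part that carries VBA code; a .docx (not .docm) should not have one.
        result["macro_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        # TargetMode="External" relationships are references the document follows outside the archive.
        for name in (n for n in names if n.endswith(".rels")):
            rels = zf.read(name).decode("utf-8", "replace")
            for tag in re.findall(r"<Relationship\b[^>]*>", rels):
                if 'TargetMode="External"' in tag:
                    target = re.search(r'Target="([^"]*)"', tag)
                    if target:
                        result["external_targets"].append(target.group(1))
        if WORD_MAIN_PART in names:
            body = zf.read(WORD_MAIN_PART).decode("utf-8", "replace")
            # DDE / DDEAUTO field instructions start another application when fields update.
            result["dde_fields"] = re.search(r"\bDDE(?:AUTO)?\b", body) is not None
    return result


def build_docx(body_xml: str = "<w:t>Hello</w:t>", extra_rels: str = "", extra_parts=None) -> bytes:
    """Construct a minimal .docx in memory (sample data for this example, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("_rels/.rels",
                    f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" '
                    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" '
                    'Target="word/document.xml"/></Relationships>')
        zf.writestr(WORD_MAIN_PART,
                    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                    f"<w:body><w:p><w:r>{body_xml}</w:r></w:p></w:body></w:document>")
        zf.writestr("word/_rels/document.xml.rels",
                    f'<Relationships xmlns="{RELS_NS}">{extra_rels}</Relationships>')
        for part_name, content in (extra_parts or {}).items():
            zf.writestr(part_name, content)
    return buf.getvalue()


# Constructed samples: a plain document and one carrying every indicator the triage looks for.
# The remote template URL is hypothetical.
BENIGN_DOCX = build_docx()
SUSPICIOUS_DOCX = build_docx(
    body_xml="<w:instrText> DDEAUTO example </w:instrText>",
    extra_rels=f'<Relationship Id="rId9" Type="{ATTACHED_TEMPLATE_REL}" '
               'Target="http://example.invalid/remote.dotm" TargetMode="External"/>',
    extra_parts={"word/vbaProject.bin": b"\x00" * 64},
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_DOCX), ("suspicious", SUSPICIOUS_DOCX)):
        print(label, triage_docx(sample))
```

Run against a real sample, the `sha256` field should match the report's SHA256 before any other field is compared; a mismatch means a different file was analysed. The indicator checks are string-level and deliberately permissive (a match is a reason to look, not a verdict), which is the right bias for triage of a document whose sandbox score is 0.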

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:74fcd0d2d6d6d0cc

                                                                                                                                                  Network Behavior

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  UDP Packets

Timestamp                            Source Port  Dest Port  Source IP    Dest IP
Apr 7, 2021 10:44:23.899863005 CEST  49199        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:23.926371098 CEST  53           49199      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:23.978290081 CEST  50620        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:23.997157097 CEST  53           50620      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:27.797558069 CEST  64938        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:28.806674957 CEST  64938        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:28.822088957 CEST  53           64938      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:29.808037043 CEST  60152        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:29.822516918 CEST  53           60152      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:30.838164091 CEST  57544        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:30.854443073 CEST  53           57544      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:32.094667912 CEST  55984        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:32.156312943 CEST  53           55984      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:32.522908926 CEST  64185        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:32.556086063 CEST  53           64185      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:33.525691032 CEST  64185        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:33.567181110 CEST  53           64185      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:33.833544016 CEST  65110        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:33.846781015 CEST  53           65110      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:34.525604010 CEST  64185        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:34.541420937 CEST  53           64185      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:35.044347048 CEST  58361        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:35.057980061 CEST  53           58361      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:36.541465044 CEST  64185        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:36.562011957 CEST  53           64185      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:38.557693005 CEST  63492        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:38.571228027 CEST  53           63492      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:39.836117029 CEST  60831        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:39.850241899 CEST  53           60831      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:40.557315111 CEST  64185        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:40.571409941 CEST  53           64185      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:41.052516937 CEST  60100        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:41.067276001 CEST  53           60100      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:51.641535997 CEST  53195        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:51.662220001 CEST  53           53195      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:57.752062082 CEST  50141        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:57.767802954 CEST  53           50141      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:58.871625900 CEST  53023        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:58.883958101 CEST  53           53023      8.8.8.8      192.168.2.3
Apr 7, 2021 10:44:59.629125118 CEST  49563        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:44:59.651604891 CEST  53           49563      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:22.588392973 CEST  51352        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:22.589734077 CEST  59349        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:22.608077049 CEST  53           59349      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:22.611449003 CEST  53           51352      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:22.656389952 CEST  57084        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:22.669035912 CEST  53           57084      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:23.208421946 CEST  58823        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:23.220789909 CEST  53           58823      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:34.513078928 CEST  57568        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:34.525424957 CEST  53           57568      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:35.224879026 CEST  50540        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:35.239613056 CEST  53           50540      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:36.232712984 CEST  54366        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:36.245291948 CEST  53           54366      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:38.936172009 CEST  53034        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:38.949873924 CEST  53           53034      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:45.586119890 CEST  57762        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:45.599395990 CEST  53           57762      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:46.897816896 CEST  55435        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:46.910204887 CEST  53           55435      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:50.237365007 CEST  50713        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:50.250327110 CEST  53           50713      8.8.8.8      192.168.2.3
Apr 7, 2021 10:45:52.273396015 CEST  56132        53         192.168.2.3  8.8.8.8
Apr 7, 2021 10:45:52.291496992 CEST  53           56132      8.8.8.8      192.168.2.3
                                                                                                                                                  Apr 7, 2021 10:45:58.088119984 CEST5898753192.168.2.38.8.8.8
                                                                                                                                                  Apr 7, 2021 10:45:58.114355087 CEST53589878.8.8.8192.168.2.3
                                                                                                                                                  Apr 7, 2021 10:46:22.954149008 CEST5657953192.168.2.38.8.8.8
                                                                                                                                                  Apr 7, 2021 10:46:22.968173981 CEST53565798.8.8.8192.168.2.3

                                                                                                                                                  Code Manipulations

                                                                                                                                                  Statistics

                                                                                                                                                  CPU Usage

                                                                                                                                                  Memory Usage

                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                  System Behavior

                                                                                                                                                  General

                                                                                                                                                  Start time:10:44:30
                                                                                                                                                  Start date:07/04/2021
                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
                                                                                                                                                  Imagebase:0x90000
                                                                                                                                                  File size:1937688 bytes
                                                                                                                                                  MD5 hash:0B9AB9B9C4DE429473D6450D4297A123
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Disassembly