Analysis Report Bio-Solid Feed Stock Evaluation_.docx

Overview

General Information

Sample Name: Bio-Solid Feed Stock Evaluation_.docx
Analysis ID: 404291
MD5: a829fa8a85650dde608ada79d3ba4f11
SHA1: 22964385dc00646b24d1203b8d7c4520c8e7704c
SHA256: 08bcf8510cbfb3a81777399682e35f05046d285e7c401b97874f9149113ddc88

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Startup

  • System is w10x64
  • WINWORD.EXE (PID: 5992 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures; all signature results are listed below.

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: classification engine | Classification label: clean0.winDOCX@1/11@0/0
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\{288E702F-1A0C-4652-9D0E-4402FD88C9B0} - OProcSessId.dat
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File read: C:\Users\desktop.ini
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX (repeated 44 times)
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX (repeated 26 times)

Mitre Att&ck Matrix

  • Initial Access: Valid Accounts; Default Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job
  • Persistence: Path Interception; Boot or Logon Initialization Scripts
  • Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts
  • Defense Evasion: Masquerading (1); Rootkit
  • Credential Access: OS Credential Dumping; LSASS Memory
  • Discovery: File and Directory Discovery (1); System Information Discovery (1)
  • Lateral Movement: Remote Services; Remote Desktop Protocol
  • Collection: Data from Local System; Data from Removable Media
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
  • Command and Control: Data Obfuscation; Junk Data
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization
  • Impact: Modify System Partition; Device Lockout

Behavior Graph

(Behavior graph image not captured; only its legend was present.)

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://cdn.entity. | 0% | URL Reputation | safe
https://powerlift.acompli.net | 0% | URL Reputation | safe
https://rpsticket.partnerservices.getmicrosoftkey.com | 0% | URL Reputation | safe
https://cortana.ai | 0% | URL Reputation | safe
https://api.aadrm.com/ | 0% | URL Reputation | safe
https://ofcrecsvcapi-int.azurewebsites.net/ | 0% | Virustotal |
https://ofcrecsvcapi-int.azurewebsites.net/ | 0% | Avira URL Cloud | safe
https://res.getmicrosoftkey.com/api/redemptionevents | 0% | URL Reputation | safe
https://powerlift-frontdesk.acompli.net | 0% | URL Reputation | safe
https://officeci.azurewebsites.net/api/ | 0% | Virustotal |
https://officeci.azurewebsites.net/api/ | 0% | Avira URL Cloud | safe
https://store.office.cn/addinstemplate | 0% | URL Reputation | safe
https://store.officeppe.com/addinstemplate | 0% | URL Reputation | safe
https://dev0-api.acompli.net/autodetect | 0% | URL Reputation | safe
https://www.odwebp.svc.ms | 0% | URL Reputation | safe
https://dataservice.o365filtering.com/ | 0% | URL Reputation | safe
https://officesetup.getmicrosoftkey.com | 0% | URL Reputation | safe
https://prod-global-autodetect.acompli.net/autodetect | 0% | URL Reputation | safe
https://ncus.contentsync. | 0% | URL Reputation | safe
https://apis.live.net/v5.0/ | 0% | URL Reputation | safe
https://wus2.contentsync. | 0% | URL Reputation | safe
https://asgsmsproxyapi.azurewebsites.net/ | 0% | Virustotal |
https://asgsmsproxyapi.azurewebsites.net/ | 0% | Avira URL Cloud | safe
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile | 0% | URL Reputation | safe
https://ncus.pagecontentsync. | 0% | URL Reputation | safe
https://skyapi.live.net/Activity/ | 0% | URL Reputation | safe
https://dataservice.o365filtering.com | 0% | URL Reputation | safe
https://api.cortana.ai | 0% | URL Reputation | safe
https://ovisualuiapp.azurewebsites.net/pbiagave/ | 0% | Virustotal |
https://ovisualuiapp.azurewebsites.net/pbiagave/ | 0% | Avira URL Cloud | safe
https://directory.services. | 0% | URL Reputation | safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Source (all rows): DF1C0634-A091-48ED-8FF2-AF628B96BF81.1.dr

Name | Malicious | Antivirus Detection | Reputation
https://api.diagnosticssdf.office.com | false | | high
https://login.microsoftonline.com/ | false | | high
https://shell.suite.office.com:1443 | false | | high
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize | false | | high
https://autodiscover-s.outlook.com/ | false | | high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | false | | high
https://cdn.entity. | false | URL Reputation: safe | unknown
https://api.addins.omex.office.net/appinfo/query | false | | high
https://clients.config.office.net/user/v1.0/tenantassociationkey | false | | high
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | false | | high
https://powerlift.acompli.net | false | URL Reputation: safe | unknown
https://rpsticket.partnerservices.getmicrosoftkey.com | false | URL Reputation: safe | unknown
https://lookup.onenote.com/lookup/geolocation/v1 | false | | high
https://cortana.ai | false | URL Reputation: safe | unknown
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | false | | high
https://cloudfiles.onenote.com/upload.aspx | false | | high
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | false | | high
https://entitlement.diagnosticssdf.office.com | false | | high
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy | false | | high
https://api.aadrm.com/ | false | URL Reputation: safe | unknown
https://ofcrecsvcapi-int.azurewebsites.net/ | false | Virustotal: 0%; Avira URL Cloud: safe | unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | false | | high
https://api.microsoftstream.com/api/ | false | | high
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | false | | high
https://cr.office.com | false | | high
https://portal.office.com/account/?ref=ClientMeControl | false | | high
https://ecs.office.com/config/v2/Office | false | | high
https://graph.ppe.windows.net | false | | high
https://res.getmicrosoftkey.com/api/redemptionevents | false | URL Reputation: safe | unknown
https://powerlift-frontdesk.acompli.net | false | URL Reputation: safe | unknown
https://tasks.office.com | false | | high
https://officeci.azurewebsites.net/api/ | false | Virustotal: 0%; Avira URL Cloud: safe | unknown
https://sr.outlook.office.net/ws/speech/recognize/assistant/work | false | | high
https://store.office.cn/addinstemplate | false | URL Reputation: safe | unknown
https://outlook.office.com/autosuggest/api/v1/init?cvid= | false | | high
https://globaldisco.crm.dynamics.com | false | | high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | false | | high
https://store.officeppe.com/addinstemplate | false | URL Reputation: safe | unknown
https://dev0-api.acompli.net/autodetect | false | URL Reputation: safe | unknown
https://www.odwebp.svc.ms | false | URL Reputation: safe | unknown
https://api.powerbi.com/v1.0/myorg/groups | false | | high
https://web.microsoftstream.com/video/ | false | | high
https://graph.windows.net | false | | high
https://dataservice.o365filtering.com/ | false | URL Reputation: safe | unknown
https://officesetup.getmicrosoftkey.com | false | URL Reputation: safe | unknown
https://analysis.windows.net/powerbi/api | false | | high
https://prod-global-autodetect.acompli.net/autodetect | false | URL Reputation: safe | unknown
https://outlook.office365.com/autodiscover/autodiscover.json | false | | high
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios | false | | high
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | false | | high
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | false | | high
https://ncus.contentsync. | false | URL Reputation: safe | unknown
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false | false | | high
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | false | | high
http://weather.service.msn.com/data.aspx | false | | high
https://apis.live.net/v5.0/ | false | URL Reputation: safe | unknown
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks | false | | high
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | false | | high
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | false | | high
https://management.azure.com | false | | high
https://wus2.contentsync. | false | URL Reputation: safe | unknown
https://incidents.diagnostics.office.com | false | | high
https://clients.config.office.net/user/v1.0/ios | false | | high
https://insertmedia.bing.office.net/odc/insertmedia | false | | high
https://o365auditrealtimeingestion.manage.office.com | false | | high
https://outlook.office365.com/api/v1.0/me/Activities | false | | high
https://api.office.net | false | | high
https://incidents.diagnosticssdf.office.com | false | | high
https://asgsmsproxyapi.azurewebsites.net/ | false | Virustotal: 0%; Avira URL Cloud: safe | unknown
https://clients.config.office.net/user/v1.0/android/policies | false | | high
https://entitlement.diagnostics.office.com | false | | high
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json | false | | high
https://outlook.office.com/ | false | | high
https://storage.live.com/clientlogs/uploadlocation | false | | high
https://templatelogging.office.com/client/log | false | | high
https://outlook.office365.com/ | false | | high
https://webshell.suite.office.com | false | | high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive | false | | high
https://management.azure.com/ | false | | high
https://login.windows.net/common/oauth2/authorize | false | | high
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile | false | URL Reputation: safe | unknown
https://graph.windows.net/ | false | | high
https://api.powerbi.com/beta/myorg/imports | false | | high
https://devnull.onenote.com | false | | high
https://ncus.pagecontentsync. | false | URL Reputation: safe | unknown
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json | false | | high
https://messaging.office.com/ | false | | high
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | false | | high
https://augloop.office.com/v2 | false | | high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing | false | | high
https://skyapi.live.net/Activity/ | false | URL Reputation: safe |
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          https://clients.config.office.net/user/v1.0/macDF1C0634-A091-48ED-8FF2-AF628B96BF81.1.drfalse
                                                                                                                                            high
                                                                                                                                            https://dataservice.o365filtering.comDF1C0634-A091-48ED-8FF2-AF628B96BF81.1.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://api.cortana.aiDF1C0634-A091-48ED-8FF2-AF628B96BF81.1.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://onedrive.live.comDF1C0634-A091-48ED-8FF2-AF628B96BF81.1.drfalse
                                                                                                                                              high
                                                                                                                                              https://ovisualuiapp.azurewebsites.net/pbiagave/DF1C0634-A091-48ED-8FF2-AF628B96BF81.1.drfalse
                                                                                                                                              • 0%, Virustotal, Browse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              https://visio.uservoice.com/forums/368202-visio-on-devicesDF1C0634-A091-48ED-8FF2-AF628B96BF81.1.drfalse
                                                                                                                                                high
                                                                                                                                                https://directory.services.DF1C0634-A091-48ED-8FF2-AF628B96BF81.1.drfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                https://login.windows-ppe.net/common/oauth2/authorizeDF1C0634-A091-48ED-8FF2-AF628B96BF81.1.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://staging.cortana.aiDF1C0634-A091-48ED-8FF2-AF628B96BF81.1.drfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:32.0.0 Black Diamond
Analysis ID:404291
Start date:04.05.2021
Start time:21:51:24
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 22s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:Bio-Solid Feed Stock Evaluation_.docx
Cookbook file name:defaultwindowsofficecookbook.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:Potential for more IOCs and behavior
Number of new started processes analysed:26
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean0.winDOCX@1/11@0/0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .docx
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\DF1C0634-A091-48ED-8FF2-AF628B96BF81
Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):134558
Entropy (8bit):5.368391659266551
Encrypted:false
SSDEEP:1536:UcQIKNEHBXA3gBwlpQ9DQW+zhh34ZldpKWXboOilX5ErLWME9:TEQ9DQW+zPXO8
MD5:16D01D9D8F2B0DCEC42940B25E6B2106
SHA1:D954FAE7A2B3464F22FCB670C3BBCB8DC3ACF43A
SHA-256:B37DAE2CA61EDF4821D46ABF6A919750B34E3AB1B2AE9E81D89AF022B95917E6
SHA-512:2120F4CF40C9710BADDF6F1631009A5C70C0FD4977E0C4F56FA06A2811B4F05E8CB436FAB3186A5FE8755EE6DE17108A902138D0B14A026C5427687019D31465
Malicious:false
Reputation:low
Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-05-04T19:52:17">.. Build: 16.0.14102.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\88D6A842.png
Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:PNG image data, 228 x 81, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):12912
Entropy (8bit):7.980657944433155
Encrypted:false
SSDEEP:192:t/mdfXGmMfhQ7E0FyUm177+dZIivT4moRWzLGwk9o4fGXjER/U7:Uh22FyidZIMURWzHYGTz7
MD5:91251E9C2886771106FA67FA469EC2D2
SHA1:F10256D1480FB009A2AC58F80A6BDDD6269A2FBE
SHA-256:67A26E18A62AA8C2E7919BDA7B1DA3089DD262993AD7C88B0ACBAB9F8A265C3A
SHA-512:2D34B014640350DEA9B913661744149E053C0901F465DFD4F236010BD521C55E842923463CEA51A6009411A65D4AD37CB1C767C25FA6C9C547F831E4E1025781
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\mso8672.tmp
Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):9084
Entropy (8bit):6.066243465397226
Encrypted:false
SSDEEP:96:ESBBav8ThoL9Jd+saEmB9IS9W/bvtWzd/JEdtgYTwetWyLrfvqk+U25qD3MsuTqy:ESdKvVmB9Ls8JqdtWCebkcU+
MD5:84EA1CD08BE8E4BB6D8FA8BA0530FB13
SHA1:B5FF79D7B5EE6C4F47F754A11B34302AD99C84DB
SHA-256:5CDB826CC6DDF754FF543B77A3D12276B7B21DA81B7E197D5653B3B1574CC1AC
SHA-512:013419EEA891A25976CCA53293BD8883AFBDAFA557E279E8D918CF12D0B169FD905CA93E412E50A61BA90E9E803E6895E121AEFFF2ED3B3CFBC60552770F3A44
Malicious:false
Reputation:moderate, very likely benign file
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B75B9AA0-2C2A-42AF-99FA-1A1373CEF798}.tmp
Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):1024
Entropy (8bit):0.05390218305374581
Encrypted:false
SSDEEP:3:ol3lYdn:4Wn
MD5:5D4D94EE7E06BBB0AF9584119797B23A
SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:false
Reputation:high, very likely benign file
                                                                                                                                                  Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{DE6EC9FB-3337-48EC-BC41-5E8E77CEDBD8}.tmp
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):5558
                                                                                                                                                  Entropy (8bit):3.2100491303624255
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:chjmS4+HTIw8suFs53hgMNXhc+QUAu777+FKb6:cdHT3ys5fRhHiV
                                                                                                                                                  MD5:A60DB88EF4FFB9F449F3E51D43168EE7
                                                                                                                                                  SHA1:6A2E3B8C49C438B68AE9601C8C4EA371321C848D
                                                                                                                                                  SHA-256:0B81F0B817CAD98516763E79B4E774E8EC2972AC3C957408173D3D1D96D21197
                                                                                                                                                  SHA-512:BFDAD2ADBA0796F6BDB831F493C841FE7F0F5B5641F9D8A331B06C63990CE32236417591CBAE90E64AF91B86D71B5759D756BB2843A47A041392A7E4515FBACA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: ../.....R.e.q.u.e.s.t. .f.o.r. .P.r.o.p.o.s.a.l.s...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4...........................<...J...L................................................................................................................................................................................................................................................................................................................................................................................................................$.a$.gd.u......&..F......gd..#.....
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\mso8538.tmp
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):663
                                                                                                                                                  Entropy (8bit):5.949125862393289
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                                                                                                                                                  MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                                                                                                                                  SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                                                                                                                                  SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                                                                                                                  SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                  Preview: GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Bio-Solid Feed Stock Evaluation_.docx.LNK
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 14:03:46 2020, mtime=Wed May 5 03:52:18 2021, atime=Wed May 5 03:52:15 2021, length=28469, window=hide
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2350
                                                                                                                                                  Entropy (8bit):4.707968364236359
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8opNK/E4AIZRx4AyNo2QvZRxCDhRh7aB6myopNK/E4AIZRx4AyNo2QvZRxCDhRh2:8opnWXfG6BXIMB6popnWXfG6BXIMB6
                                                                                                                                                  MD5:3636098DDB5C361119C3D9900C1969CC
                                                                                                                                                  SHA1:94B3D7C57C9DA2151E287F241C66F6D45F8ACB00
                                                                                                                                                  SHA-256:F72633FFDB9B8AC500E38A760B7BDA3FF702F5E140770C804EE35E7C0344A4B0
                                                                                                                                                  SHA-512:1561C3412E702A52584ED0C56DF397E731A2A330DC65C380C273DA687FD7422DDBEC85E8226984E693640FD70B4C97AFBA202C2AA49C41B216968AEF57950D35
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: L..................F.... ...k...:....=.mjA...S.kjA..5o...........................P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L...R.&....................:.....q|..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....>Qyx..user.<.......Ny..R.&.....S........................h.a.r.d.z.....~.1.....>Q{x..Desktop.h.......Ny..R.&.....Y..............>.....d...D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2.5o...R.& .BIO-SO~1.DOC..~......>Qxx.R.&....h......................l..B.i.o.-.S.o.l.i.d. . .F.e.e.d. .S.t.o.c.k. .E.v.a.l.u.a.t.i.o.n._...d.o.c.x.......l...............-.......k...........>.S......C:\Users\user\Desktop\Bio-Solid Feed Stock Evaluation_.docx..=.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.B.i.o.-.S.o.l.i.d. . .F.e.e.d. .S.t.o.c.k. .E.v.a.l.u.a.t.i.o.n._...d.o.c.x.........:..,.LB.)...As...`.......X.......830021...........!a..%.H.VZAj......-.........-..!a..%.H.VZAj......-.........-.............1SPS.XF.L8C....&.m.q......
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):154
                                                                                                                                                  Entropy (8bit):4.748557805188019
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:HsMT21MREg0Q4MQWS/n1MREg0Q4MQWSmxWsMT21MREg0Q4MQWSv:HtT21zVQ4MnWn1zVQ4MnaT21zVQ4Mnc
                                                                                                                                                  MD5:52D7C16EB6DB8326A3D103C4F06CD57D
                                                                                                                                                  SHA1:789704C304038A34D60E42FC5769838AF33376A2
                                                                                                                                                  SHA-256:81197DCB14624A313257D0272276987AD2C6195C0FE476A2399F92061849319F
                                                                                                                                                  SHA-512:D7EDA7E5E9D57113D4EE10D360F54B83E3CE4F2D41EB26C3CA4969DD3291B00C38A3FD18E0B522B4651D2C7F3DBC2FACD45BA5738B86898C4DD24767E6099E2D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: [misc]..Bio-Solid Feed Stock Evaluation_.docx.LNK=0..Bio-Solid Feed Stock Evaluation_.docx.LNK=0..[misc]..Bio-Solid Feed Stock Evaluation_.docx.LNK=0..
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):162
                                                                                                                                                  Entropy (8bit):1.8270399412171197
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Rl/ZdzcCVl//tlclkXlolRhlXln:RtZxWk14P
                                                                                                                                                  MD5:066EAF455BB4CBC23C499AF83D7C92EB
                                                                                                                                                  SHA1:75AC762773A704B3E890CD02B7B8F89EE068DDC2
                                                                                                                                                  SHA-256:47EE684F6BD787F6FDDCDDBBCC12DBD2E3568F9EE6A2AC9796B54AD0DF95AA62
                                                                                                                                                  SHA-512:A081711E5DAC8E77014023C042C84616F84F2AA8DC93F94A7995812CE2D5A3B067077C483E703CF7C4AD317B1FF4B12C3060FC33C727252CE5B7672EABBA4DF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: .pratesh................................................p.r.a.t.e.s.h..........4.Y.=...................................................*\.........................
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2
                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Qn:Qn
                                                                                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ..
                                                                                                                                                  C:\Users\user\Desktop\~$o-Solid Feed Stock Evaluation_.docx
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):162
                                                                                                                                                  Entropy (8bit):1.8270399412171197
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Rl/ZdzcCVl//tlclkXlolRhlXln:RtZxWk14P
                                                                                                                                                  MD5:066EAF455BB4CBC23C499AF83D7C92EB
                                                                                                                                                  SHA1:75AC762773A704B3E890CD02B7B8F89EE068DDC2
                                                                                                                                                  SHA-256:47EE684F6BD787F6FDDCDDBBCC12DBD2E3568F9EE6A2AC9796B54AD0DF95AA62
                                                                                                                                                  SHA-512:A081711E5DAC8E77014023C042C84616F84F2AA8DC93F94A7995812CE2D5A3B067077C483E703CF7C4AD317B1FF4B12C3060FC33C727252CE5B7672EABBA4DF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: .pratesh................................................p.r.a.t.e.s.h..........4.Y.=...................................................*\.........................

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:Microsoft Word 2007+
                                                                                                                                                  Entropy (8bit):7.711910442031405
                                                                                                                                                  TrID:
                                                                                                                                                  • Word Microsoft Office Open XML Format document (49504/1) 49.01%
                                                                                                                                                  • Word Microsoft Office Open XML Format document (43504/1) 43.07%
                                                                                                                                                  • ZIP compressed archive (8000/1) 7.92%
                                                                                                                                                  File name:Bio-Solid Feed Stock Evaluation_.docx
                                                                                                                                                  File size:28469
                                                                                                                                                  MD5:a829fa8a85650dde608ada79d3ba4f11
                                                                                                                                                  SHA1:22964385dc00646b24d1203b8d7c4520c8e7704c
                                                                                                                                                  SHA256:08bcf8510cbfb3a81777399682e35f05046d285e7c401b97874f9149113ddc88
                                                                                                                                                  SHA512:c2388a4b6a087f10a35bbba71958b8b3e3342ca818bfdb2f6a3f4d04f1b42e696b4c294cab07cf55b75d1ff4d66852bed35e08f89255a3798a259f1db4bf4a70
                                                                                                                                                  SSDEEP:384:r+B8tLLwWWAh22FyidZIMURWzHYGTzvNxt/ZtNN4CRc4/NodMyXTzf:rBLLws82FrIPRKTpxllN4GNbe
                                                                                                                                                  File Content Preview:PK..........!..!.]p...........[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:74fcd0d2d6d6d0cc

                                                                                                                                                  Network Behavior

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  UDP Packets

Timestamp                            Source Port  Dest Port  Source IP    Dest IP
May 4, 2021 21:52:08.624069929 CEST  60152        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:08.696279049 CEST  53           60152      8.8.8.8      192.168.2.3
May 4, 2021 21:52:09.015103102 CEST  57544        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:09.065540075 CEST  53           57544      8.8.8.8      192.168.2.3
May 4, 2021 21:52:10.219959974 CEST  55984        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:10.271389961 CEST  53           55984      8.8.8.8      192.168.2.3
May 4, 2021 21:52:10.427999973 CEST  64185        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:10.498090982 CEST  53           64185      8.8.8.8      192.168.2.3
May 4, 2021 21:52:11.457957983 CEST  65110        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:11.506858110 CEST  53           65110      8.8.8.8      192.168.2.3
May 4, 2021 21:52:12.525136948 CEST  58361        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:12.573875904 CEST  53           58361      8.8.8.8      192.168.2.3
May 4, 2021 21:52:14.179151058 CEST  63492        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:14.227716923 CEST  53           63492      8.8.8.8      192.168.2.3
May 4, 2021 21:52:16.153858900 CEST  60831        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:16.203943968 CEST  53           60831      8.8.8.8      192.168.2.3
May 4, 2021 21:52:17.550607920 CEST  60100        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:17.610881090 CEST  53           60100      8.8.8.8      192.168.2.3
May 4, 2021 21:52:18.137170076 CEST  53195        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:18.208787918 CEST  53           53195      8.8.8.8      192.168.2.3
May 4, 2021 21:52:19.166042089 CEST  53195        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:19.222877979 CEST  53           53195      8.8.8.8      192.168.2.3
May 4, 2021 21:52:19.927901030 CEST  50141        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:19.980820894 CEST  53           50141      8.8.8.8      192.168.2.3
May 4, 2021 21:52:20.176446915 CEST  53195        53         192.168.2.3  8.8.8.8
May 4, 2021 21:52:20.233649969 CEST  53           53195      8.8.8.8      192.168.2.3
May 4, 2021 21:52:21.487370968 CEST  53023        53         192.168.2.3  8.8.8.8
                                                                                                                                                  May 4, 2021 21:52:21.537960052 CEST53530238.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:22.194715023 CEST5319553192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:22.253542900 CEST53531958.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:23.024149895 CEST4956353192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:23.086242914 CEST53495638.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:24.025109053 CEST5135253192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:24.086288929 CEST53513528.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:26.208239079 CEST5319553192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:26.267613888 CEST53531958.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:28.377373934 CEST5934953192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:28.426177025 CEST53593498.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:29.336983919 CEST5708453192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:29.385871887 CEST53570848.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:30.848551035 CEST5882353192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:30.897841930 CEST53588238.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:33.650832891 CEST5756853192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:33.699486971 CEST53575688.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:34.779993057 CEST5054053192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:34.836891890 CEST53505408.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:35.957417965 CEST5436653192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:36.006494045 CEST53543668.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:37.128276110 CEST5303453192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:37.180418015 CEST53530348.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:38.255739927 CEST5776253192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:38.308357000 CEST53577628.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:43.173784018 CEST5543553192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:43.235239029 CEST53554358.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:52:46.948877096 CEST5071353192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:52:46.998903990 CEST53507138.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:53:04.843822002 CEST5613253192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:53:04.903740883 CEST53561328.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:53:21.584486008 CEST5898753192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:53:21.658561945 CEST53589878.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:53:27.835124016 CEST5657953192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:53:27.835844040 CEST6063353192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:53:27.884354115 CEST53606338.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:53:27.893630981 CEST53565798.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:53:29.448121071 CEST6129253192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:53:29.500988960 CEST53612928.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:53:34.958740950 CEST6361953192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:53:35.017502069 CEST53636198.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:54:05.237024069 CEST6493853192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:54:05.299891949 CEST53649388.8.8.8192.168.2.3
                                                                                                                                                  May 4, 2021 21:54:07.219696045 CEST6194653192.168.2.38.8.8.8
                                                                                                                                                  May 4, 2021 21:54:07.286463976 CEST53619468.8.8.8192.168.2.3

                                                                                                                                                  Code Manipulations

                                                                                                                                                  Statistics

                                                                                                                                                  System Behavior

                                                                                                                                                  General

Start time: 21:52:15
Start date: 04/05/2021
Path: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
Imagebase: 0xfc0000
File size: 1937688 bytes
MD5 hash: 0B9AB9B9C4DE429473D6450D4297A123
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                  Disassembly
