
Windows Analysis Report 00620 - 2011 Dept Expense Detail.xls

Overview

General Information

Sample Name: 00620 - 2011 Dept Expense Detail.xls
Analysis ID: 467210
MD5: 57bcdf4ddd4c73eb7b1579edf9e10d62
SHA1: fb7ee5e7a2ef599bcbf982ff6823387792a90335
SHA256: 5c0e2dc5c3e763417c7fb8f02f8d12a64e9aad4f7fa4cf0e7a09e31bfe20e4fd

Detection

Hidden Macro 4.0
Score: 20
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Yara detected hidden Macro 4.0 in Excel
Document contains embedded VBA macros

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 3012 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
00620 - 2011 Dept Expense Detail.xls | JoeSecurity_HiddenMacro | Yara detected hidden Macro 4.0 in Excel | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.aadrm.com/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.addins.store.office.com/app/query
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.cortana.ai
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.diagnostics.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.diagnosticssdf.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.microsoftstream.com/api/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.office.net
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.onedrive.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://apis.live.net/v5.0/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://augloop.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://augloop.office.com/v2
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://cdn.entity.
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://clients.config.office.net/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://config.edge.skype.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://cortana.ai
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://cortana.ai/api
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://cr.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://dataservice.o365filtering.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://dataservice.o365filtering.com/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://dev.cortana.ai
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://devnull.onenote.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://directory.services.
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://entitlement.diagnostics.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://graph.ppe.windows.net
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://graph.ppe.windows.net/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://graph.windows.net
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://graph.windows.net/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://incidents.diagnostics.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://lifecycle.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://login.microsoftonline.com/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://login.windows.local
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://management.azure.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://management.azure.com/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://messaging.office.com/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://ncus.contentsync.
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://ncus.pagecontentsync.
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://officeapps.live.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://onedrive.live.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://onedrive.live.com/embed?
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://osi.office.net
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://outlook.office.com/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://outlook.office365.com/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://pages.store.office.com/review/query
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 00620 - 2011 Dept Expense Detail.xls | String found in binary or memory: https://peoplesoft.dealercentral.net/psp/SCMPRD_newwin/EMPLOYEE/ERP/c/REPORT_BOOKS.IC_RUN_DRILLDOWN.
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://powerlift.acompli.net
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://roaming.edog.
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://settings.outlook.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://shell.suite.office.com:1443
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://skyapi.live.net/Activity/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://staging.cortana.ai
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://store.office.cn/addinstemplate
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://store.office.com/addinstemplate
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://store.office.de/addinstemplate
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://store.officeppe.com/addinstemplate
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://tasks.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://web.microsoftstream.com/video/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://webshell.suite.office.com
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://wus2.contentsync.
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://wus2.pagecontentsync.
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437.0.dr | String found in binary or memory: https://www.odwebp.svc.ms
Source: 00620 - 2011 Dept Expense Detail.xls | OLE indicator, VBA macros: true
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\{578E808D-CAA9-44BB-BD0F-9AAF239F8B84} - OProcSessId.dat
Source: 00620 - 2011 Dept Expense Detail.xls | OLE indicator, Workbook stream: true
Source: classification engine | Classification label: sus20.expl.winXLS@1/2@0/0
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File read: C:\Users\desktop.ini
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX

HIPS / PFW / Operating System Protection Evasion:

Yara detected hidden Macro 4.0 in Excel
Source: Yara match | File source: 00620 - 2011 Dept Expense Detail.xls, type: SAMPLE

Mitre Att&ck Matrix

Techniques per tactic column; a number in parentheses is the count of matched signatures for that technique, the remaining entries are the unmatched placeholders of the matrix.

Initial Access: Valid Accounts, Default Accounts
Execution: Scripting (1), Scheduled Task/Job
Persistence: Path Interception, Boot or Logon Initialization Scripts
Privilege Escalation: Path Interception, Boot or Logon Initialization Scripts
Defense Evasion: Masquerading (1), Scripting (1)
Credential Access: OS Credential Dumping, LSASS Memory
Discovery: File and Directory Discovery (1), System Information Discovery (1)
Lateral Movement: Remote Services, Remote Desktop Protocol
Collection: Data from Local System, Data from Removable Media
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth
Command and Control: Data Obfuscation, Junk Data
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization
Impact: Modify System Partition, Device Lockout


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
00620 - 2011 Dept Expense Detail.xls | 2% | Virustotal | | Browse
00620 - 2011 Dept Expense Detail.xls | 2% | ReversingLabs | Document.Trojan.CutwailOLE |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
https://roaming.edog. | 0% | URL Reputation | safe |
https://cdn.entity. | 0% | URL Reputation | safe |
https://powerlift.acompli.net | 0% | URL Reputation | safe |
https://rpsticket.partnerservices.getmicrosoftkey.com | 0% | URL Reputation | safe |
https://cortana.ai | 0% | URL Reputation | safe |
https://api.aadrm.com/ | 0% | URL Reputation | safe |
https://ofcrecsvcapi-int.azurewebsites.net/ | 0% | URL Reputation | safe |
https://res.getmicrosoftkey.com/api/redemptionevents | 0% | URL Reputation | safe |
https://powerlift-frontdesk.acompli.net | 0% | URL Reputation | safe |
https://officeci.azurewebsites.net/api/ | 0% | URL Reputation | safe |
https://store.office.cn/addinstemplate | 0% | URL Reputation | safe |
https://store.officeppe.com/addinstemplate | 0% | URL Reputation | safe |
https://dev0-api.acompli.net/autodetect | 0% | URL Reputation | safe |
https://www.odwebp.svc.ms | 0% | URL Reputation | safe |
https://dataservice.o365filtering.com/ | 0% | URL Reputation | safe |
https://officesetup.getmicrosoftkey.com | 0% | URL Reputation | safe |
https://prod-global-autodetect.acompli.net/autodetect | 0% | URL Reputation | safe |
https://ncus.contentsync. | 0% | URL Reputation | safe |
https://apis.live.net/v5.0/ | 0% | URL Reputation | safe |
https://wus2.contentsync. | 0% | URL Reputation | safe |
https://asgsmsproxyapi.azurewebsites.net/ | 0% | URL Reputation | safe |
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile | 0% | URL Reputation | safe |
https://ncus.pagecontentsync. | 0% | URL Reputation | safe |
https://skyapi.live.net/Activity/ | 0% | URL Reputation | safe |
https://dataservice.o365filtering.com | 0% | URL Reputation | safe |
https://api.cortana.ai | 0% | URL Reputation | safe |
https://ovisualuiapp.azurewebsites.net/pbiagave/ | 0% | URL Reputation | safe |
https://directory.services. | 0% | URL Reputation | safe |
https://staging.cortana.ai | 0% | URL Reputation | safe |

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries


    Contacted IPs

    No contacted IP info

    General Information

    Joe Sandbox Version: 33.0.0 White Diamond
    Analysis ID: 467210
    Start date: 18.08.2021
    Start time: 00:43:28
    Joe Sandbox Product: CloudBasic
    Overall analysis duration: 0h 3m 53s
    Hypervisor based Inspection enabled: false
    Report type: light
    Sample file name: 00620 - 2011 Dept Expense Detail.xls
    Cookbook file name: defaultwindowsofficecookbook.jbs
    Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Run name: Potential for more IOCs and behavior
    Number of new started processes analysed: 27
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • HDC enabled
    • GSI enabled (VBA)
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Detection: SUS
    Classification: sus20.expl.winXLS@1/2@0/0
    Cookbook Comments:
    • Adjust boot time
    • Enable AMSI
    • Found application associated with file extension: .xls
    • Found Word or Excel or PowerPoint or XPS Viewer
    • Attach to Office via COM
    • Scroll down
                                                                                                                                                  • Close Viewer
                                                                                                                                                  Warnings:
                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 23.211.6.115, 52.109.88.177, 52.109.12.24, 52.109.8.22, 23.211.4.86, 20.50.102.62, 40.112.88.60, 20.82.210.154, 80.67.82.235, 80.67.82.211
                                                                                                                                                  • Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, config.officeapps.live.com, nexus.officeapps.live.com, arc.trafficmanager.net, officeclient.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, europe.configsvc1.live.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                  Simulations

                                                                                                                                                  Behavior and APIs

                                                                                                                                                  No simulations

                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                  IPs

                                                                                                                                                  No context

                                                                                                                                                  Domains

                                                                                                                                                  No context

                                                                                                                                                  ASN

                                                                                                                                                  No context

                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                  No context

                                                                                                                                                  Dropped Files

                                                                                                                                                  No context

                                                                                                                                                  Created / dropped Files

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E4D0FAF0-0FEA-4027-925F-F5D7A4D0E437
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):135913
                                                                                                                                                  Entropy (8bit):5.362405603650326
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:xcQIKNveBTA3gBwlnQ9DQW+z2Y34ZliKWXboOidXqE6LWME9:8yQ9DQW+zaX31
                                                                                                                                                  MD5:9C6B48F93C1756AF2B30287EC513272A
                                                                                                                                                  SHA1:A94DC405C1450DA20EE8247BF587191C014A5687
                                                                                                                                                  SHA-256:1CEA86FF082655C802CF13D622552B9FAF02FA58D678D40C3BA9D40617CAF468
                                                                                                                                                  SHA-512:58850E4AD0EA5A0611AB53384545A243CA6B0555F33D9EEE9F65F326208F2452E97711F25B685551C62203D6D0F5822D92A08B871DE9AC96F56B19F57BB7363B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-08-17T22:44:26">.. Build: 16.0.14408.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):170164
                                                                                                                                                  Entropy (8bit):4.363133121156603
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:fOjoILzolWWpFpKKHAeedydju4HTbTuo+o5aQxJudUl9yhQL3oKmmy:fhIg8WpFpKKHHedydFeo+oQLUlPoK0
                                                                                                                                                  MD5:BFF8FB2EC5E2C6EFDAEE929AA95CA688
                                                                                                                                                  SHA1:DD9731D3323018D348BBCC5E1D7635A1F12E7C90
                                                                                                                                                  SHA-256:FDCB036679E83977235BDAFF4CA034D9739BCEDB6B0DE19E44D48E809B3E0534
                                                                                                                                                  SHA-512:B30A8002FA21D54F632DB6A25C5477F0F57EB01061E1A41EDC0D40CCDA63A7C39A8CC8BD8FF0188F9BC90939149BE2F4E4C448DA2AEAE0ED066D405AE535594F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: MSFT................Q................................$......$....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........|.......D...........p.......8...........d.......,...........X....... ...........L...........x.......@........ ..l ... ..4!...!...!..`"..."..(#...#...#..T$...$...%...%...%..H&...&...'..t'...'..<(...(...)..h)...)..0*...*...*..\+...+..$,...,...,..P-...-......|.......D/.../...0..p0...0..81...1...2..d2...2..,3...3...3..X4...4.. 5...5...5..L6...6...7..x7...7..@8...8...9..l9...9..4:...:...:..`;...;..(<...<...<..T=...=...>...>...>..H?...?...@..t@...@..<A...A...B..hB.......l...B..........................$................................................ ...............................x...I..............T........................................... ...................................................

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, Code page: 1252, Author: AutoNation USA, Last Saved By: DupreeP, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Feb 4 16:48:36 1999, Last Saved Time/Date: Tue Sep 20 15:04:38 2011, Security: 0
                                                                                                                                                  Entropy (8bit):4.043229382190713
                                                                                                                                                  TrID:
                                                                                                                                                  • Microsoft Excel sheet (30009/1) 47.99%
                                                                                                                                                  • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                                                                                                                  File name:00620 - 2011 Dept Expense Detail.xls
                                                                                                                                                  File size:53760
                                                                                                                                                  MD5:57bcdf4ddd4c73eb7b1579edf9e10d62
                                                                                                                                                  SHA1:fb7ee5e7a2ef599bcbf982ff6823387792a90335
                                                                                                                                                  SHA256:5c0e2dc5c3e763417c7fb8f02f8d12a64e9aad4f7fa4cf0e7a09e31bfe20e4fd
                                                                                                                                                  SHA512:f0f613246b8fd11cca39102e1aaeea11b3c2228cbee6778245bb34bc96c59bd4ac069e80020ba0bdfb0d90a4b8ccccc6387922b1ec72915fd15c8666bc90643b
                                                                                                                                                  SSDEEP:768:g9RUbndMNmu2jm1xW5aUgAVZx5mXMr2q3rLrLn+zghx0QQDI:iKndMwfjSW5SAVZdygP8
                                                                                                                                                  File Content Preview:........................>...................................M..................................................................................................................................................................................................
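The fields under Static File Info (file type from the OLE2 magic bytes, 8-bit entropy, MD5/SHA-1/SHA-256/SHA-512) can be recomputed offline when triaging a sample. The following Python is an added example, not Joe Sandbox code; the bytes it hashes in the sample block are constructed for illustration and are not the report's file.

```python
"""Static-file triage: recompute the "Static File Info" fields (type by magic,
8-bit Shannon entropy, MD5/SHA-1/SHA-256/SHA-512) for a byte string.
Added example for this report page, not sandbox code; sample bytes constructed."""
import hashlib
import math

# Header of a Compound File Binary (OLE2) container, the "Composite Document
# File V2 Document" type that file(1) reports for legacy .xls/.doc files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, 0.0 (constant) .. 8.0 (uniform), i.e. "Entropy (8bit)"."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def digests(data: bytes) -> dict:
    """Hex digests with the same algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def is_ole2(data: bytes) -> bool:
    """True when the first eight bytes are the CFB/OLE2 header signature."""
    return data[:8] == OLE2_MAGIC


def triage(data: bytes) -> dict:
    """One dict with size, OLE2 flag, entropy and digests for a sample."""
    info = {
        "size": len(data),
        "ole2": is_ole2(data),
        "entropy": round(shannon_entropy(data), 6),
    }
    info.update(digests(data))
    return info


# Constructed stand-in for a sample: OLE2 header followed by padding (not the
# report's .xls, whose hashes appear above in the Static File Info block).
SAMPLE = OLE2_MAGIC + b"\x00" * 504

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For reading the numbers: the 4.04 bits/byte reported for the workbook and 4.36 for MSForms.exd are typical of uncompressed, unencrypted structured data; packed or encrypted payloads embedded in an OLE stream push the per-stream entropy toward 7.5 and above, so entropy is a better indicator per stream than for the whole container.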

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:74ecd4c6c3c6c4d8

                                                                                                                                                  Static OLE Info

                                                                                                                                                  General

                                                                                                                                                  Document Type:OLE
                                                                                                                                                  Number of OLE Files:1

                                                                                                                                                  OLE File "00620 - 2011 Dept Expense Detail.xls"

                                                                                                                                                  Indicators

                                                                                                                                                  Has Summary Info:True
                                                                                                                                                  Application Name:Microsoft Excel
                                                                                                                                                  Encrypted Document:False
                                                                                                                                                  Contains Word Document Stream:False
                                                                                                                                                  Contains Workbook/Book Stream:True
                                                                                                                                                  Contains PowerPoint Document Stream:False
                                                                                                                                                  Contains Visio Document Stream:False
                                                                                                                                                  Contains ObjectPool Stream:
                                                                                                                                                  Flash Objects Count:
                                                                                                                                                  Contains VBA Macros:True

                                                                                                                                                  Summary

                                                                                                                                                  Code Page:1252
                                                                                                                                                  Author:AutoNation USA
                                                                                                                                                  Last Saved By:DupreeP
                                                                                                                                                  Create Time:1999-02-04 16:48:36
                                                                                                                                                  Last Saved Time:2011-09-20 14:04:38
                                                                                                                                                  Creating Application:Microsoft Excel
                                                                                                                                                  Security:0

                                                                                                                                                  Document Summary

                                                                                                                                                  Document Code Page:1252
                                                                                                                                                  Thumbnail Scaling Desired:False
                                                                                                                                                  Contains Dirty Links:False
                                                                                                                                                  Shared Document:False
                                                                                                                                                  Changed Hyperlinks:False
                                                                                                                                                  Application Version:730895

                                                                                                                                                  Streams with VBA

                                                                                                                                                  VBA File Name: Module1.bas, Stream Size: 3440
                                                                                                                                                  General
                                                                                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Module1
                                                                                                                                                  VBA File Name:Module1.bas
                                                                                                                                                  Stream Size:3440
                                                                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . & . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                  Data Raw:01 16 01 00 06 f0 00 00 00 84 03 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff b2 03 00 00 26 0a 00 00 01 00 00 00 01 00 00 00 e9 9b 00 00 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 04 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
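The module stream above (_VBA_PROJECT_CUR/VBA/Module1) stores the macro source text as an MS-OVBA CompressedContainer, located at the MODULEOFFSET that the VBA/dir stream records for the module; the Data Raw bytes shown are the start of the stream (performance cache), not that container. The Python below is an added, from-scratch implementation of the decompression algorithm in MS-OVBA section 2.4.1, not the sandbox's code and not taken from any tool. It does not parse the dir stream; the containers it decodes are constructed inline, and the sample source text reuses identifiers from the keyword list on this page only as an illustration, not as the document's actual macro code.

```python
"""MS-OVBA CompressedContainer decode/encode, plus a summary of the decoded
module. Added example for this report page; constructed inputs only."""


def decompress_container(data: bytes) -> bytes:
    """Decode an MS-OVBA 2.4.1 CompressedContainer (signature byte 0x01)."""
    if not data or data[0] != 0x01:
        raise ValueError("missing CompressedContainer signature byte 0x01")
    out = bytearray()
    pos = 1
    while pos + 2 <= len(data):
        header = int.from_bytes(data[pos:pos + 2], "little")
        pos += 2
        if (header >> 12) & 0x7 != 0x3:
            raise ValueError("bad CompressedChunkSignature at offset %d" % (pos - 2))
        chunk_size = (header & 0x0FFF) + 3            # size including the 2-byte header
        compressed = bool(header & 0x8000)            # CompressedChunkFlag
        chunk_end = min(pos + chunk_size - 2, len(data))
        chunk_start = len(out)                        # DecompressedChunkStart
        if not compressed:
            out += data[pos:pos + 4096]               # raw chunk is 4096 bytes of data
            pos += 4096
            continue
        while pos < chunk_end:
            flags = data[pos]                         # FlagByte: one bit per token
            pos += 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not (flags >> bit) & 1:            # LiteralToken
                    out.append(data[pos])
                    pos += 1
                    continue
                token = int.from_bytes(data[pos:pos + 2], "little")   # CopyToken
                pos += 2
                diff = len(out) - chunk_start
                bit_count = max(4, (diff - 1).bit_length())   # ceil(log2(diff)), min 4
                length_mask = 0xFFFF >> bit_count
                offset = (token >> (16 - bit_count)) + 1
                length = (token & length_mask) + 3
                if offset > diff:
                    raise ValueError("copy offset points before chunk start")
                for _ in range(length):               # byte-wise so overlapping copies work
                    out.append(out[-offset])
    return bytes(out)


def pack_literals(source: bytes) -> bytes:
    """Literal-only container (no CopyTokens) for sources up to 3640 bytes; one chunk."""
    if not source:
        return b"\x01"
    if len(source) > 3640:
        raise ValueError("a single literal-only chunk holds at most 3640 bytes")
    body = bytearray()
    for i in range(0, len(source), 8):
        body.append(0x00)                             # all eight tokens are literals
        body += source[i:i + 8]
    header = 0xB000 | (len(body) + 2 - 3)             # flag=1, signature 0b011, size-3
    return b"\x01" + header.to_bytes(2, "little") + bytes(body)


def module_summary(source: bytes) -> dict:
    """Module name from 'Attribute VB_Name' and the names of declared Sub/Function procedures."""
    name, procs = None, []
    for line in source.decode("latin-1").splitlines():
        s = line.strip()
        if s.startswith("Attribute VB_Name"):
            name = s.split("=", 1)[1].strip().strip('"')
        elif s.startswith(("Sub ", "Function ", "Private Sub ", "Public Sub ",
                           "Private Function ", "Public Function ")):
            procs.append(s.split("(", 1)[0].split()[-1])
    return {"name": name, "procedures": procs}


# Constructed container: 8 literals "abcdefgh", then a CopyToken (offset 8,
# length 8) that repeats them. Header 0xB00B = compressed, signature 011, 12 data bytes.
SAMPLE_CONTAINER = bytes([0x01, 0x0B, 0xB0, 0x00]) + b"abcdefgh" + bytes([0x01, 0x05, 0x70])

# Constructed module text (names borrowed from the keyword list; not the real macro).
SAMPLE_SOURCE = (b'Attribute VB_Name = "Module1"\r\n'
                 b'Sub HideRows()\r\n'
                 b'    Worksheets("Actuals").Activate\r\n'
                 b'End Sub\r\n')

if __name__ == "__main__":
    print(decompress_container(SAMPLE_CONTAINER))
    print(module_summary(decompress_container(pack_literals(SAMPLE_SOURCE))))
```

The decoder is strict about the chunk signature and about copy offsets that reach before the current chunk, which are the two malformations a crafted container uses to trip lenient parsers; a copy token as the first token of a chunk is rejected for that reason.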

                                                                                                                                                  VBA Code Keywords

                                                                                                                                                  Keyword
                                                                                                                                                  Time:
                                                                                                                                                  DateTime
                                                                                                                                                  (last
                                                                                                                                                  data/layout
                                                                                                                                                  insert
                                                                                                                                                  "B").Value
                                                                                                                                                  report
                                                                                                                                                  Hideflag
                                                                                                                                                  entire
                                                                                                                                                  column)
                                                                                                                                                  EndColumn
                                                                                                                                                  Range("BeginColumn")
                                                                                                                                                  found
                                                                                                                                                  'places
                                                                                                                                                  searching
                                                                                                                                                  cursor
                                                                                                                                                  BeginRow
                                                                                                                                                  'this
                                                                                                                                                  Cnum).Select
                                                                                                                                                  Worksheets("Actuals").Activate
                                                                                                                                                  EndRow
                                                                                                                                                  column
ActiveSheet.Cells(Rnum,
Range("End")
Integer,
HideRows.VB_ProcData.VB_Invoke_Func
Integer
Attribute
hasn't
value
.Column
zeroes.
VB_Name
HideRows()
Range("EndColumn")
other
ActiveCell.Value
Range("BeginRow")
Selection.EntireRow.Hidden
BeginColumn
first
VBA Code

VBA File Name: ThisWorkbook.cls, Stream Size: 985
General
Stream Path: _VBA_PROJECT_CUR/VBA/ThisWorkbook
VBA File Name: ThisWorkbook.cls
Stream Size: 985
Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw: 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e9 9b 89 96 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
"ThisWorkbook"
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived
                                                                                                                                                  VBA Code

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 109
General
Stream Path: \x1CompObj
File Type: data
Stream Size: 109
Entropy: 4.12087539431
Base64 Encoded: False
Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . . 9 . q . . . . . . . . . . . .
Data Raw: 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 376
General
Stream Path: \x5DocumentSummaryInformation
File Type: data
Stream Size: 376
Entropy: 3.8484246152
Base64 Encoded: False
Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . H . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . ' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A c t u a l s . . . . . M a c r o 1 . . . . . B e g i n C o l u m n . . . . . E n d C o l u m n . . . . . A c t u a l s ! P r i n t _ A r e a . . . . .
Data Raw: fe ff 00 00 05 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 48 01 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 e5 00 00 00 02 00 00 00 e4 04 00 00
Note: the readable strings in this stream are the TitlesOfParts property, which Excel fills with the workbook's sheet names followed by its named ranges: Actuals, Macro1, BeginColumn, EndColumn and Actuals!Print_Area. "Macro1" is the default name Excel assigns to an inserted Excel 4.0 macro sheet, which is consistent with the Hidden Macro 4.0 detection in the Signatures section; the VBA keywords listed above (Range("BeginRow"), Range("EndColumn"), Selection.EntireRow.Hidden) show the HideRows macro using the named ranges, not the macro sheet.

Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 216
General
Stream Path: \x5SummaryInformation
File Type: data
Stream Size: 216
Entropy: 3.75113746536
Base64 Encoded: False
Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . ` . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A u t o N a t i o n U S A . . . . . . . . . . D u p r e e P . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . . 5 ^ P . . @ . . . . _ . ; . w . . . . . . . . . .
Data Raw: fe ff 00 00 05 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a8 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 60 00 00 00 12 00 00 00 70 00 00 00 0c 00 00 00 88 00 00 00 0d 00 00 00 94 00 00 00 13 00 00 00 a0 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 10 00 00 00

Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 37717
General
Stream Path: Workbook
File Type: Applesoft BASIC program data, first line number 16
Stream Size: 37717
Entropy: 3.85189249275
Base64 Encoded: True
Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . D u p r e e P B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . . F . 8 . . . . . .
Data Raw: 09 08 10 00 00 06 05 00 88 20 cd 07 c9 c0 00 00 06 03 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 07 00 00 44 75 70 72 65 65 50 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
Note: the "Applesoft BASIC program data" file type is a libmagic misidentification. The stream begins 09 08 10 00 00 06 05 00, which is a BIFF record of type 0x0809 (BOF), length 16, version 0x0600 (BIFF8) and substream type 0x0005 (workbook globals): this is the Excel 97-2003 binary Workbook stream, where the sheet table (and therefore any Excel 4.0 macro sheet and its hidden state) lives. The DupreeP string that follows is the WRITEACCESS record (0x005C), a 112-byte space-padded field holding the user name under which the file was last saved.
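The Hidden Macro 4.0 verdict in this report rests on the Workbook stream, not on the VBA project: in BIFF8 every sheet is declared by a BoundSheet8 record whose hsState byte says whether it is visible, hidden or very hidden and whose dt byte says whether it is a worksheet or an Excel 4.0 (XLM) macro sheet. The following Python is an added example by the editor, not Joe Sandbox's signature and not code from the sample. It walks a constructed BIFF8 stream record by record and reports macro sheets that are not visible. The constructed stream reuses the BOF body shown in the Data Raw above but invents its two BoundSheet8 records (a visible worksheet called Actuals and a very hidden macro sheet called Macro1), so it is not the sample file's real Workbook stream, of which the report shows only the first 64 bytes; the detection rule itself is the editor's approximation of what a hidden-XLM-sheet signature checks.

```python
import struct

# Record types from [MS-XLS]; every BIFF record is <type:u16><length:u16><body>.
BOF = 0x0809
BOUNDSHEET = 0x0085
EOF = 0x000A

# BoundSheet8.hsState (low two bits). A "very hidden" sheet cannot be unhidden
# from the Excel UI, only from the VBA editor or by patching the file.
HS_STATE = {0: "visible", 1: "hidden", 2: "very hidden"}
# BoundSheet8.dt: 0x01 is an Excel 4.0 (XLM) macro sheet.
SHEET_TYPE = {0x00: "worksheet", 0x01: "macro sheet", 0x02: "chart", 0x06: "VB module"}


def record(rtype, body):
    """Frame one BIFF record."""
    return struct.pack("<HH", rtype, len(body)) + body


def boundsheet(name, hs_state, sheet_type, ply_pos=0):
    """Build a BoundSheet8 record whose name is stored as 8-bit characters."""
    raw = name.encode("latin-1")
    body = struct.pack("<IBBBB", ply_pos, hs_state, sheet_type, len(raw), 0x00)
    return record(BOUNDSHEET, body + raw)


def bof_info(body):
    """Return (BIFF version, substream type) from a BOF record body."""
    return struct.unpack_from("<HH", body)


# Constructed sample stream (NOT the sample file's real Workbook stream): the
# BOF body is the one the report's Data Raw shows, the two sheet records are invented.
SAMPLE_WORKBOOK_STREAM = (
    record(BOF, bytes.fromhex("00060500" "8820cd07" "c9c00000" "06030000"))
    + boundsheet("Actuals", 0, 0x00)   # ordinary visible worksheet
    + boundsheet("Macro1", 2, 0x01)    # very hidden Excel 4.0 macro sheet
    + record(EOF, b"")
)


def iter_records(data):
    """Yield (type, body) up to and including the first EOF; stop on truncation."""
    off = 0
    while off + 4 <= len(data):
        rtype, length = struct.unpack_from("<HH", data, off)
        body = data[off + 4: off + 4 + length]
        if len(body) != length:
            return                      # truncated record: do not guess
        yield rtype, body
        off += 4 + length
        if rtype == EOF:
            return


def list_sheets(data):
    """Return [(name, visibility, sheet type)] for each BoundSheet8 record."""
    sheets = []
    for rtype, body in iter_records(data):
        if rtype != BOUNDSHEET or len(body) < 8:
            continue
        _pos, hs, dt, cch, high = struct.unpack_from("<IBBBB", body)
        chars = body[8:]
        if high & 1:                    # fHighByte set: name stored as UTF-16LE
            name = chars[:cch * 2].decode("utf-16-le", "replace")
        else:
            name = chars[:cch].decode("latin-1")
        sheets.append((name, HS_STATE.get(hs & 0x03, "unknown"),
                       SHEET_TYPE.get(dt, "unknown 0x%02x" % dt)))
    return sheets


def hidden_macro_sheets(data):
    """Editor's approximation of a 'hidden Macro 4.0' check: XLM sheets that are not visible."""
    return [s for s in list_sheets(data) if s[2] == "macro sheet" and s[1] != "visible"]


if __name__ == "__main__":
    vers, dt = bof_info(SAMPLE_WORKBOOK_STREAM[4:20])
    print("BOF: BIFF version 0x%04x, substream type 0x%04x" % (vers, dt))
    for sheet in list_sheets(SAMPLE_WORKBOOK_STREAM):
        print("%-12s %-12s %s" % sheet)
    print("hidden macro sheets:", hidden_macro_sheets(SAMPLE_WORKBOOK_STREAM))
```

On a real .xls the Workbook stream can be read with olefile (olefile.OleFileIO(path).openstream("Workbook").read()) and handed to hidden_macro_sheets; the parser only looks at BoundSheet8 records, so the many other globals records that precede them in a real file are skipped. A BoundSheet8 with dt 0x01 and hsState 1 or 2 is the pattern a hidden-XLM signature looks for, and "very hidden" (2) is the variant that survives a user's Unhide attempt.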

Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 405
General
Stream Path: _VBA_PROJECT_CUR/PROJECT
File Type: ASCII text, with CRLF line terminators
Stream Size: 405
Entropy: 5.34110993151
Base64 Encoded: True
Data ASCII: I D = " { 6 0 B 0 5 3 F 8 - 9 E 9 D - 1 1 D 2 - 8 F B 6 - 0 0 C 0 4 F 7 7 2 2 2 6 } " . . M o d u l e = M o d u l e 1 . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . N a m e = " F T C O R P . X N V " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 0 7 0 5 B D 4 6 4 F C 6 4 C C A 4 C C A 4 C C A 4 C C A " . . D P B = " 0 0 0 2 B A B D B B B D B B B D " . . G C = " F 9 F B 4 3 B 4 4 4 B 4 4 4 4 B " . . . . [ H o s t
Data Raw: 49 44 3d 22 7b 36 30 42 30 35 33 46 38 2d 39 45 39 44 2d 31 31 44 32 2d 38 46 42 36 2d 30 30 43 30 34 46 37 37 32 32 32 36 7d 22 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4e 61 6d 65 3d 22 46 54 43 4f 52 50 2e 58 4e 56 22 0d 0a 48 65 6c 70 43 6f 6e 74 65 78 74 49 44 3d
Decoded (the Data ASCII above with the per-character spacing removed; the dump is cut off at "[Host"):
ID="{60B053F8-9E9D-11D2-8FB6-00C04F772226}"
Module=Module1
Document=ThisWorkbook/&H00000000
Name="FTCORP.XNV"
HelpContextID="0"
VersionCompatible32="393222000"
CMG="0705BD464FC64CCA4CCA4CCA4CCA"
DPB="0002BABDBBBDBBBD"
GC="F9FB43B444B4444B"

[Host
Name is the VBA project name; the single Module= line plus the ThisWorkbook document module match the two entries in PROJECTwm and the two VBA files listed above.

Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 65
General
Stream Path: _VBA_PROJECT_CUR/PROJECTwm
File Type: data
Stream Size: 65
Entropy: 3.15495300444
Base64 Encoded: False
Data ASCII: M o d u l e 1 . M . o . d . u . l . e . 1 . . . T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . . .
Data Raw: 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 00 00
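The Entropy value the report prints for each stream is the Shannon entropy of the stream's bytes in bits per byte, and PROJECTwm is a NameMap of (MBCS module name, UTF-16 module name) pairs, each name NUL-terminated, closed by a 2-byte 0x0000 terminator ([MS-OVBA] 2.3.3). The Python below is an added example by the editor, not code from the report or from the sample's VBA: the 65-byte PROJECTwm content is transcribed from the Data Raw line above (the stream is short enough that the dump shows all of it), the entropy function recomputes the value the report shows, and the NameMap parser recovers the two module names.

```python
import math
from collections import Counter

# The complete 65-byte PROJECTwm stream, transcribed from the report's Data Raw.
PROJECTWM = bytes.fromhex(
    "4d6f64756c653100"                                              # "Module1\0" (MBCS)
    "4d006f0064007500" "6c00650031000000"                           # "Module1\0" (UTF-16LE)
    "54686973576f726b626f6f6b00"                                    # "ThisWorkbook\0" (MBCS)
    "5400680069007300" "57006f0072006b00" "62006f006f006b00" "0000"  # "ThisWorkbook\0" (UTF-16LE)
    "0000"                                                          # NameMap terminator
)


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_projectwm(data):
    """Return the module names listed in a PROJECTwm NameMap, in stream order."""
    names = []
    off = 0
    while off < len(data):
        end = data.find(b"\x00", off)
        if end <= off:                  # empty MBCS name: the terminator (or a malformed stream)
            break
        names.append(data[off:end].decode("latin-1"))
        off = end + 1
        # skip the UTF-16LE copy: scan 2-byte units until the 0x0000 that ends it
        while off + 2 <= len(data) and data[off:off + 2] != b"\x00\x00":
            off += 2
        off += 2
    return names


def stream_summary(path, data):
    """Mirror the report's General fields for one stream."""
    return {"Stream Path": path, "Stream Size": len(data),
            "Entropy": round(shannon_entropy(data), 11)}


if __name__ == "__main__":
    print(stream_summary("_VBA_PROJECT_CUR/PROJECTwm", PROJECTWM))
    print("modules:", parse_projectwm(PROJECTWM))
```

The same entropy function explains the rest of the table: dir is stored in the [MS-OVBA] compressed container, so its 6.36 stands out against the uncompressed metadata streams around 3 to 4, and a value near 8 on a stream that should be plain text would be the thing to look at more closely.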

Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2821
General
Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT
File Type: data
Stream Size: 2821
Entropy: 4.25301737665
Base64 Encoded: False
Data ASCII: . a y . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . U . : . \\ . P . R . O . G . R . A . ~ . 1 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F .
Data Raw: cc 61 79 00 00 01 00 ff 09 04 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 1169
General
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0
File Type: data
Stream Size: 1169
Entropy: 3.99317680234
Base64 Encoded: False
Data ASCII: . K * y . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . . . . . . . . . . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . f H { 4 . . . K . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . Q . . . . . . . . . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . . . . .
Data Raw: 93 4b 2a 79 01 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 00 01 00 00 80 00 00 00 80 00 00 00 80 00 00 00 04 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 02 00 00 7e 6d 00 00 7f 00 00 00 00

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 82
General
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_1
File Type: data
Stream Size: 82
Entropy: 2.2010509371
Base64 Encoded: False
Data ASCII: r U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 4 q . . . . . . .
Data Raw: 72 55 80 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 00 00 00 00 0a 00 00 00 09 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 09 00 00 00 00 00 03 00 ff ff ff ff 02 00 00 08 04 00 00 00 20 0a 31 34 71 00 00 7f 00 00 00 00

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_2, File Type: data, Stream Size: 136
General
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_2
File Type: data
Stream Size: 136
Entropy: 1.6161992012
Base64 Encoded: False
Data ASCII: r U . . . . . . . . . . . . . . . . . . . ~ | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . k . . . . . . .
Data Raw: 72 55 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 00 02 00 00 7e 7c 00 00 7f 00 00 00 00 0e 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 00 00 03 00 08 00 00 00 00 00 02 00 01 00 01 00 00 00 00 00 30 00 00 00 0c 00 00 00 fc c6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 04 00 00 12 00 00

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_3, File Type: data, Stream Size: 107
General
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_3
File Type: data
Stream Size: 107
Entropy: 1.90767783468
Base64 Encoded: False
Data ASCII: r U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . . . . . . ` . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . . . n . . . . . . .
Data Raw: 72 55 80 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 00 00 00 00 10 00 00 00 09 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff 00 00 00 00 08 00 00 00 04 00 24 00 81 00 00 00 00 00 02 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff 61 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6e 00 00 7f 00 00 00 00
Note: the __SRP_0 to __SRP_3 streams are Office's implementation-specific performance cache ([MS-OVBA] 2.2.6); they hold no source and are rebuilt when the project is recompiled, so the VBA analysis relies on the module streams and dir, not on them.

Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 641
General
Stream Path: _VBA_PROJECT_CUR/VBA/dir
File Type: data
Stream Size: 641
Entropy: 6.36296368332
Base64 Encoded: True
Data ASCII: . } . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . F T C O R P . X . N V . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . . 6 . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # U : \\ W I N D . O W S \\ s y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . . . . . . M S F o r m s > . . . . . . S . F . F . r . m . s . 3 . . . . . . E
Data Raw: 01 7d b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 46 54 43 4f 52 50 2e 58 88 4e 56 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 2e fa 87 36 04 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47
Note: dir is the VBA project directory and is stored as an [MS-OVBA] compressed container, which is why its entropy (6.36) is well above every other stream here; the project name FTCORP.XNV and the stdole and MSForms references are still legible in the dump because short runs of literal bytes survive the compression.

Network Behavior

Network Port Distribution

UDP Packets

Timestamp                             Source Port  Dest Port  Source IP    Dest IP
Aug 18, 2021 00:44:13.877485991 CEST  49199        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:44:13.922563076 CEST  53           49199      8.8.8.8      192.168.2.3
Aug 18, 2021 00:44:25.860996962 CEST  50620        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:44:25.920460939 CEST  53           50620      8.8.8.8      192.168.2.3
Aug 18, 2021 00:44:26.168576956 CEST  64938        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:44:26.205507994 CEST  53           64938      8.8.8.8      192.168.2.3
Aug 18, 2021 00:44:27.184490919 CEST  64938        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:44:27.219809055 CEST  53           64938      8.8.8.8      192.168.2.3
Aug 18, 2021 00:44:28.189385891 CEST  64938        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:44:28.240271091 CEST  53           64938      8.8.8.8      192.168.2.3
Aug 18, 2021 00:44:30.231499910 CEST  64938        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:44:30.266890049 CEST  53           64938      8.8.8.8      192.168.2.3
Aug 18, 2021 00:44:34.232410908 CEST  64938        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:44:34.260024071 CEST  53           64938      8.8.8.8      192.168.2.3
Aug 18, 2021 00:44:45.468206882 CEST  60152        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:44:45.524527073 CEST  53           60152      8.8.8.8      192.168.2.3
Aug 18, 2021 00:44:47.722798109 CEST  57544        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:44:47.766700029 CEST  53           57544      8.8.8.8      192.168.2.3
Aug 18, 2021 00:45:02.213336945 CEST  55984        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:45:02.256911039 CEST  53           55984      8.8.8.8      192.168.2.3
Aug 18, 2021 00:45:22.100359917 CEST  64185        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:45:22.155323029 CEST  53           64185      8.8.8.8      192.168.2.3
Aug 18, 2021 00:45:25.639828920 CEST  65110        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:45:25.679152966 CEST  53           65110      8.8.8.8      192.168.2.3
Aug 18, 2021 00:45:57.182024002 CEST  58361        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:45:57.234715939 CEST  53           58361      8.8.8.8      192.168.2.3
Aug 18, 2021 00:45:58.554582119 CEST  63492        53         192.168.2.3  8.8.8.8
Aug 18, 2021 00:45:58.601299047 CEST  53           63492      8.8.8.8      192.168.2.3

Code Manipulations

Statistics

System Behavior

General

Start time: 00:44:24
Start date: 18/08/2021
Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Imagebase: 0xb80000
File size: 27110184 bytes
MD5 hash: 5D6638F2C8F8571C593999C58866007E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Disassembly
