Source: EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: http://crackedshop.org/9/q080U0ARYYL/ |
Source: EXCEL.EXE, 00000000.00000003.884335848.0000000012AB7000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892547749.0000000012AB7000.00000004.00000001.sdmp | String found in binary or memory: http://crackedshop.org/cgi-sys/suspendedpage.cgi |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.281578576.0000000012725000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glideso |
Source: EXCEL.EXE, 00000000.00000002.890344949.000000000EEB0000.00000004.00000001.sdmp | String found in binary or memory: http://purl.oclc.org/ooxml/drawingml/diagrama |
Source: EXCEL.EXE, 00000000.00000002.889287628.000000000D242000.00000004.00000001.sdmp | String found in binary or memory: http://purl.oclc.org/ooxml/drawingml/tablekH |
Source: EXCEL.EXE, 00000000.00000003.884135611.00000000152B9000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285255868.00000000152B9000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.893156950.00000000152B9000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.o |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: http://weather.service.msn.com/data.aspx |
Source: EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionloggingr |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/download |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalledD |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.o |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.office.com/commerc |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/commerce/query |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/removeV/I#H |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/queryBearer |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://analysis.windows.net/powerbi/api |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp | String found in binary or memory: https://apc.learnin# |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp | String found in binary or memory: https://apc.learnin#o |
Source: EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.aadrm.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.aadrm.com/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appinfo/query |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appstate/query |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.addins.store.office.com/addinstemplate |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://api.addins.store.office.com/addinstemplate9 |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.addins.store.office.com/app/query |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://api.addins.store.office.com/app/queryAppStateQuery15http |
Source: EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://api.addins.store.officef |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.cortana.ai |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.diagnostics.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://api.diagnostics.office.com_U |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.diagnosticssdf.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://api.diagnosticssdf.office.comxU |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.microsoftstream.com/api/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://api.microsoftstream.com/api/Gh |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.office.net |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://api.office.netbV |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://api.office.netlV |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.onedrive.com |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.powerbi.com/beta/myorg/imports |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://api.powerbi.com/beta/myorg/imports~D |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets6 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://apis.live.net/v5.0/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://arc.msn.com/v4/api/selection |
Source: EXCEL.EXE, 00000000.00000002.892898226.0000000015187000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.dig |
Source: EXCEL.EXE, 00000000.00000002.892898226.0000000015187000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digit |
Source: EXCEL.EXE, 00000000.00000002.892898226.0000000015187000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digital |
Source: EXCEL.EXE, 00000000.00000003.884167113.00000000152DD000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.893221910.00000000152DD000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digital/ |
Source: EXCEL.EXE, 00000000.00000002.892898226.0000000015187000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digital/w |
Source: EXCEL.EXE, 00000000.00000002.892898226.0000000015187000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digital/wp-c |
Source: EXCEL.EXE, 00000000.00000002.892898226.0000000015187000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digital/wp-con |
Source: EXCEL.EXE, 00000000.00000002.892898226.0000000015187000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digital/wp-conte |
Source: EXCEL.EXE, 00000000.00000002.892898226.0000000015187000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digital/wp-content%https://ascarya.digital/wp-content/ZH&https://ascarya.digital/wp- |
Source: EXCEL.EXE, 00000000.00000002.892898226.0000000015187000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digital/wp-content/ZH |
Source: EXCEL.EXE, 00000000.00000002.892835370.0000000015161000.00000004.00000001.sdmp | String found in binary or memory: https://ascarya.digital/wp-content/ZH4rirU/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/ |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp | String found in binary or memory: https://augloop.dod.online.of |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp | String found in binary or memory: https://augloop.gov.onlin |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://augloop.office.com |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://augloop.office.com/v2 |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://augloop.office.comxG |
Source: EXCEL.EXE | String found in binary or memory: https://autodiscover-s.o |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885884780.0000000012845000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.890478896.000000000EF42000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/ |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp | String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlS |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://cdn.entity. |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.pngb |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://client-office365-tas.msedge.net/ab |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://clients.config.office.net/ |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policiesPA |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/ios |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/ios$ |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/mac |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkeyY |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://cloudfiles.onenot |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://cloudfiles.onenote.com/upload.aspxxcel |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://config.edge.skype.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v1/Office |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v2/Office |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://cortana.ai |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://cortana.ai/api |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://cortana.ai/api6R |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://cortana.ai/apimP |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://cortana.aietl |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://cr.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filteri |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filterin |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://dataservice.o365filtering.com |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://dataservice.o365filtering.com/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.com/01w#r |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.comZ6 |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.coms |
Source: EXCEL.EXE, 00000000.00000002.890876333.000000000F04A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.883987348.000000000F04A000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.comsF |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.comv1 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies |
Source: EXCEL.EXE, 00000000.00000003.886777614.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892135449.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285010208.0000000012920000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesz |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://dev.cortana.ai |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://dev0-api.acompli.net/autodetect |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://devnull.onenote.com |
Source: EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://devnull.onenote.comMBI_SSL_S |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://devnull.onenote.comMBI_SSL_SHORT |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://devnull.onenote.comt |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://directory.services. |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://ecs.office.com/config/v2/Office |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/Jj |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1 |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1_ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1 |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1 |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml& |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/Ok |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/Tk |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://entitlement.diagnostics.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://entitlement.diagnostics.office.comr |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://entitlement.diagnosticssdf.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://entity.osi.office.net/t |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://eur.learningtools.onenote.com/learn |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp | String found in binary or memory: https://europe-api.- |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp | String found in binary or memory: https://europe-api.-w |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://europe-api.fp.wd.mi |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://excel.2 |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android |
Source: EXCEL.EXE, 00000000.00000002.891599493.00000000126FA000.00000004.00000001.sdmp | String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-androidI |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://globaldisco.crm.dynamics.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://graph.ppe.windows.net |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://graph.ppe.windows.net/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://graph.ppe.windows.net/yE |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://graph.windows.net |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://graph.windows.net/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://graph.windows.net/erE |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://graph.windows.netKD |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://hubble.officeapps.live.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://hubble.officeapps.live.coma |
Source: EXCEL.EXE, 00000000.00000003.884372546.000000001272E000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891634618.000000001272F000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse? |
Source: EXCEL.EXE, 00000000.00000003.284941605.00000000128BF000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?MBI_SSL_SHORTssl. |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d |
Source: EXCEL.EXE, 00000000.00000002.891872749.0000000012805000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885251853.0000000012805000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3dMBI_SSL_SHORTofficeapps.live.com |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1 |
Source: EXCEL.EXE, 00000000.00000002.891599493.00000000126FA000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=16da |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1 |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1A |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1 |
Source: EXCEL.EXE, 00000000.00000003.284941605.00000000128BF000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1 |
Source: EXCEL.EXE, 00000000.00000002.890687010.000000000EFB6000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon? |
Source: EXCEL.EXE, 00000000.00000003.284941605.00000000128BF000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?OfficeOnlineContentM365Iconshttps://hu |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://incidents.diagnostics.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://incidents.diagnostics.office.coma |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://incidents.diagnosticssdf.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://incidents.diagnosticssdf.office.comW |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://inclient.store.office.com/gyro/client |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://inclient.store.office.com/gyro/clientstore |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://inclient.store.office.com/gyro/clientstoreAddInsInClient |
Source: EXCEL.EXE, 00000000.00000002.891872749.0000000012805000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885251853.0000000012805000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891599493.00000000126FA000.00000004.00000001.sdmp | String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveApp |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive |
Source: EXCEL.EXE, 00000000.00000002.891599493.00000000126FA000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing |
Source: EXCEL.EXE, 00000000.00000003.886777614.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892135449.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285010208.0000000012920000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt |
Source: EXCEL.EXE, 00000000.00000003.284941605.00000000128BF000.00000004.00000001.sdmp | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArtOfficeOnlineContentF |
Source: EXCEL.EXE, 00000000.00000003.886777614.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892135449.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285010208.0000000012920000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook |
Source: EXCEL.EXE, 00000000.00000002.891599493.00000000126FA000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr |
Source: EXCEL.EXE, 00000000.00000003.284941605.00000000128BF000.00000004.00000001.sdmp | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrMBI_SSL_SHORTssl. |
Source: EXCEL.EXE, 00000000.00000003.886777614.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892135449.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285010208.0000000012920000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive |
Source: EXCEL.EXE, 00000000.00000003.284941605.00000000128BF000.00000004.00000001.sdmp | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveMBI_SSL_SHORTssl. |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeechBearer |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://lifecycle.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://lifecycle.office.comMBI_SSL_SHORThttps://lifecycle.office.com |
Source: EXCEL.EXE, 00000000.00000002.893311531.000000001536A000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://login.microsoftonline.com/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.microsoftonline.com/RU |
Source: EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884962144.00000000129CE000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892295205.00000000129D1000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/auth |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorizeR |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorizeW |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://login.windows.local |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.localtes |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oaut |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://login.windows.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize# |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize( |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize) |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize- |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize. |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize0 |
Source: EXCEL.EXE, 00000000.00000002.891599493.00000000126FA000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize018 |
Source: EXCEL.EXE, 00000000.00000002.891599493.00000000126FA000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize018Xi$ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize2 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize3 |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize4 |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize6 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize8 |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize9 |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize; |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize= |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize? |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeA |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeD |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeF |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeI |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeJ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeK |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeN |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeO |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeP |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeQ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeT |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeU |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeW |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeY |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeZ |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize_ |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeb |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizec |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorized |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizef |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeg |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeh |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizei |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeize |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizej |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeo |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizep |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizes |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizet |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizete |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeu |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizev |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizew |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizex |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizey |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize~ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://loki.d |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1MBI_SSL_SHORT |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://management.azure.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://management.azure.com/ |
Source: EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://messaging.office.com/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://metadata.templates.cdn.office.net/client/log |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp | String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy2 |
Source: EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://nam.learn |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://nam.learningtools.o |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechT |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://ncus.contentsync. |
Source: EXCEL.EXE, 00000000.00000003.886777614.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892135449.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285010208.0000000012920000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://ncus.pagecontentsync. |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com/nexus/W- |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com/nexus/rules. |
Source: EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.890478896.000000000EF42000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com/nexus/rules?Application=excel.exe&Version=16.0.4954.1000&ClientId= |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://ocos-office365-s2s.msedge.net/abce |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/ |
Source: EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://officeapps.live.com |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com$ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com& |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com.dllt |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com0D |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com2 |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com8 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com: |
Source: EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884962144.00000000129CE000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892295205.00000000129D1000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comAugmentationLoopServicePriorityhttps://augloop.office.com;https://augloop |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comF |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comH/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comJ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comL |
Source: EXCEL.EXE, 00000000.00000003.883987348.000000000F04A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comN |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comP |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comR |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comX |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comZ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comb |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comd |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comh |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comr |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.coms.dll |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comv |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comx |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://officeci.azurewebsites.net/api/ |
Source: EXCEL.EXE, 00000000.00000002.890687010.000000000EFB6000.00000004.00000001.sdmp | String found in binary or memory: https://officeclient.micr |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://officesetup.getmicrosoftkey.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://officesetup.getmicrosoftkey.com:U |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated~ |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://onedrive.live.com |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falsetO |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://onedrive.live.com/embed? |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://onedrive.live.com/embed?iEurM6 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886649798.00000000128D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.284984687.00000000128ED000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884623877.00000000128D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885402923.00000000128D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892081913.00000000128D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://osi.office.net |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://osi.office.net#R |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://osi.office.netR |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://osi.office.netst |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://otelrules.azureedge.net |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://outlook.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office.com%F |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885884780.0000000012845000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.890478896.000000000EF42000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://outlook.office.com/ |
Source: EXCEL.EXE, 00000000.00000003.886777614.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892135449.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285010208.0000000012920000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid= |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office.comSharepointFilesHostFormat |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://outlook.office365.com |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885884780.0000000012845000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.890478896.000000000EF42000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://outlook.office365.com/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office365.com/api/v1.0/me/ActivitiesMBI_SSL |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.jsonSubstrateOfficeIntelligenceServicehttps: |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.jsonv |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office365.com/dllH |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=OutlookMBI_SSL_SHORT |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://pages.store.office.com/review/quer |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://pages.store.office.com/review/query |
Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions |
Source: EXCEL.EXE, 00000000.00000003.886777614.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892135449.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285010208.0000000012920000.00000004.00000001.sdmp | String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions$B |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://powerlift-frontdesk.acompli.net |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://powerlift.acompli.net |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json |
Source: EXCEL.EXE, 00000000.00000003.885584011.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892185265.0000000012957000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285031885.0000000012957000.00000004.00000001.sdmp | String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json8 |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptioneventse |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891872749.0000000012805000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885251853.0000000012805000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://roaming.edog. |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://settings.outlook.com |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://shell.suite.office.com:1443 |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://shell.suite.office.com:1443fU |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://skyapi.live.net/Activity/ |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work=3 |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://staging.cortana.ai |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://store.office.cn/addinstemplate |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://store.office.de/addinstemplate |
Source: EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://store.office.de/addinstemplateDeepLinkingServiceChinahttps://store.offi. |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://store.office.de/addinstemplateDeepLinkingServiceChinahttps://store.office.cn/addinstemplateD |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://store.office.de/addinstemplateH1 |
Source: EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com/Todo-Internal.ReadWriteJ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://substrate.office.com/search/api/v2/init |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com7A |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com;F |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.comP |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.comqG |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://tasks.office.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://tellmeservice.osi.office.netst |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/Y |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html |
Source: EXCEL.EXE, 00000000.00000003.886777614.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892135449.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285010208.0000000012920000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp | String found in binary or memory: https://unitedkingdom-api.fp.wd. |
Source: EXCEL.EXE, 00000000.00000003.885275014.0000000012821000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891911589.0000000012821000.00000004.00000001.sdmp | String found in binary or memory: https://unitedstates-api.fp.wd.microso |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices& |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devicesUserVoiceWordIOShttps://word.uservoice.com |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://web.microsoftstream.com/video/ |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/pA~ |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://webshell.suite.office.com |
Source: EXCEL.EXE, 00000000.00000003.885712225.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884722531.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892258476.000000001299A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887073698.0000000012999000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886458219.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886938116.0000000012988000.00000004.00000001.sdmp | String found in binary or memory: https://word.uservoice.com/forums/304948-word# |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://wus2.contentsync. |
Source: EXCEL.EXE, 00000000.00000003.886777614.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892135449.0000000012920000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.285010208.0000000012920000.00000004.00000001.sdmp, 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://wus2.pagecontentsync. |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2 |
Source: EXCEL.EXE, 00000000.00000003.884392576.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885121120.000000001274F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.891675623.000000001274F000.00000004.00000001.sdmp | String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2k |
Source: 40484C98-D3A3-480D-91A7-412F4910F605.0.dr | String found in binary or memory: https://www.odwebp.svc.ms |
Source: EXCEL.EXE, 00000000.00000003.285059746.0000000012988000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884785145.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.884975520.00000000129DB000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.892309496.00000000129DB000.00000004.00000001.sdmp | String found in binary or memory: https://www.odwebp.svc.msmhC |