Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://158.69.133.78/823634401007.dat |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://158.69.133.78/823634401007.dat2 |
Source: EXCEL.EXE, 00000001.00000003.560465239.00000000158AF000.00000004.00000001.sdmp | String found in binary or memory: http://158.69.133.78/P |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://185.82.126.78/823634401007.dat |
Source: EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://185.82.126.78/823634401007.dat) |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://185.82.126.78/823634401007.dat2 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://185.82.126.78/823634401007.datr |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://45.142.211.62/823634401007.dat2 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://45.142.211.62/823634401007.dat2vdom |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://45.142.211.62/823634401007.datw |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://45.142.211.62/823634401007.datz |
Source: EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides8 |
Source: EXCEL.EXE, 00000001.00000002.749371941.000000000D761000.00000004.00000001.sdmp | String found in binary or memory: http://purl.oclc.org/ooxml/drawingml/diagram |
Source: EXCEL.EXE, 00000001.00000002.749307677.000000000D741000.00000004.00000001.sdmp | String found in binary or memory: http://purl.oclc.org/ooxml/drawingml/table |
Source: EXCEL.EXE, 00000001.00000003.286450934.00000000159E1000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.287299285.00000000159E2000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285161612.00000000159E3000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.283687699.00000000159E2000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.283008146.00000000159E2000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.mico |
Source: EXCEL.EXE, 00000001.00000003.596899299.0000000015B4A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.597271004.0000000015B10000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.596937498.0000000015B7A000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.open |
Source: EXCEL.EXE, 00000001.00000003.596937498.0000000015B7A000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.openformatrg/package/2006/content-t |
Source: EXCEL.EXE, 00000001.00000003.596899299.0000000015B4A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.597271004.0000000015B10000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.openformatrg/package/2006/r |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: http://weather.service.msn.com/data.aspx |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: http://weather.service.msn.com/data.aspxedK |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionloggingu_ul |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/download |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://addinsinstallation.store.office.com/app/downloadAppInfoQuery15https://api.addins.omex.office |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://addinsinstallation.store.office.com/app/downloadsnjn5 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalledMBI_SSL_SHORT |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticatedBearer |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinslicensing.store.office.com/commerce/query |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.office.com/commerce/queryDeepLinkingServicehttps://api.addins.store.of |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.office.com/commerce/queryMOXl |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.office.com/entitlement/queryem |
Source: EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/removeBearer |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/queryBearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/queryQ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://analysis.windows.net/powerbi/api |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://analysis.windows.net/powerbi/apiQ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech& |
Source: EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechBearer |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.aadrm.com |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281589453.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.aadrm.com/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.aadrm.com/3 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.aadrm.comh |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.addins.omex.office.net/appinfo/query |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.addins.omex.office.net/appinfo/query=N(m |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.addins.omex.office.net/appstate/query |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.addins.store.office.com/addinstemplate |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.addins.store.office.com/app/query |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://api.addins.store.office.com/app/queryAppStateQuery15https://api.addins.omex.office.net/appst |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.cortana.ai |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.cortana.aiBearer |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.cortana.aihttps://login.windows.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.cortana.ait |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.diagnostics.office.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.diagnostics.office.com; |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.diagnostics.office.comBearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.diagnostics.office.comN |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.diagnostics.office.comhttps://login.windows.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.diagnosticssdf.office.com |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.microsoftstream.com/api/ |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.microsoftstream.com/api/StreamVideoBasehttps://web.microsoftstream.com/video/PPTQuickSta |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.microsoftstream.com/api/ntA |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.office.net |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.office.netv |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.onedrive.com |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.onedrive.comMBI |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.onedrive.comceK |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.powerbi.com/beta/myorg/imports |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.powerbi.com/beta/myorg/imports; |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups% |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groupsBearer |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://apis.live.net/v5.0/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://apis.live.net/v5.0/ne |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://arc.msn.com/v4/api/selection |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/ |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/OneNoteBulletinshttps:// |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/S2b |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://augloop.office.com |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://augloop.office.com/v2 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://augloop.office.com/v278 |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://augloop.office.com/v2Bearer |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://augloop.office.com/v2https://login.windows.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000002.751782101.000000001304F000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.597933068.000000001304A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285417987.000000001305B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.733903292.000000001304A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560518124.000000001305B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734760923.000000001304B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281097204.000000001305B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://augloop.office.comLinkRequestApiPageTitleRetrievalhttps://uci. |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.733824840.0000000012FAE000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281291219.000000000F564000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://autodiscover-s.outlook.com/ |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml7 |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://cdn.entity. |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsellSkyDriveSignUpUpsellImageht |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsellLiveProfileServicehttps |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://client-office365-tas.msedge.net/ab |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://client-office365-tas.msedge.net/abpYrnF |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://clients.config.office.net/ |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/Bearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/List |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/c |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/https://login.windows.net/common/oauth2/authorize |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies=/1l |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policieshttps://login.windows.net/common/oauth2/ |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/ios |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/iosBearer |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/ioshttps://login.windows.net/common/oauth2/authorize |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/mac |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/macBearer |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/machttps://login.windows.net/common/oauth2/authorize |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkeyBearer |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkeyhttps://login.windows.net/common/oau |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://cloudfiles.onenote.com/upload.aspxOneNoteCloudFilesConsumerEmbedhttps://onedrive.live.com/em |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://config.edge.skype.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://config.edge.skype.com/config/v1/Office |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://config.edge.skype.com/config/v2/Office |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://config.edge.skype.com/config/v2/Office3Y5nK |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://cortana.ai |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://cortana.ai/api |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://cortana.ai/apiBearer |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://cortana.ai/apihttps://login.windows.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://cortana.aietl |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://cr.office.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://cr.office.comB |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://dataservice.o365filtering.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.com# |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://dataservice.o365filtering.com/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFileBearer |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.com/https://login.windows.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.com= |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.comW |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.coma |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.o365filtering.comy |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileBearer |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesBearer |
Source: EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp | String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesP |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://dev.cortana.ai |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dev.cortana.aiBearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dev.cortana.aiG |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://dev.cortana.aihttps://login.windows.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://dev0-api.acompli.net/autodetect |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://devnull.onenote.com |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://devnull.onenote.comBearer |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://devnull.onenote.comMBI_SSL_SHORT |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://devnull.onenote.comt |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://directory.services. |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://ecs.office.com/config/v2/Office |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/4 |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1 |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1AuthorizationBearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1CR |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1 |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1nS |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1 |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v12R3m |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1EnrichmentWACUrlhttps://enrichment.osi. |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/ |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/EnrichmentMetadataUrlhttps://enrichm |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtmlEnrichmentDisambiguat |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://enrichment.osi.office.net/https://login.windows.net/common/oauth2/authorizeMBI_SSLhttps://os |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://entitlement.diagnostics.office.com |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://entitlement.diagnosticssdf.office.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://entitlement.diagnosticssdf.office.comoYAnG |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://entity.osi.office.net/t |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech7 |
Source: EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechBearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechr |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-androidUserVoiceOf |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://globaldisco.crm.dynamics.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://graph.ppe.windows.net |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://graph.ppe.windows.net/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://graph.ppe.windows.net/a8Kag |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://graph.ppe.windows.net/https://graph.ppe.windows.net |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://graph.windows.net |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://graph.windows.net/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://graph.windows.net/_9Y |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://graph.windows.net/e |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://graph.windows.net/https://graph.windows.net |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://graph.windows.netv8 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://hubble.officeapps.live.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://hubble.officeapps.live.com_ |
Source: EXCEL.EXE, 00000001.00000002.751475998.0000000012F21000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse? |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d |
Source: EXCEL.EXE, 00000001.00000003.281121315.0000000013080000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3dMBI_SSL_SHORTofficeapps.live.comb |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1 |
Source: EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1 |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1 |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1 |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1 |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1 |
Source: EXCEL.EXE, 00000001.00000002.751475998.0000000012F21000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon? |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://incidents.diagnostics.office.com |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://incidents.diagnosticssdf.office.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://incidents.diagnosticssdf.office.comZYLnH |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://inclient.store.office.com/gyro/client |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://inclient.store.office.com/gyro/clientl |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://inclient.store.office.com/gyro/clientstore |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://inclient.store.office.com/gyro/clientstoret |
Source: EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp | String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveApp |
Source: EXCEL.EXE, 00000001.00000003.281121315.0000000013080000.00000004.00000001.sdmp | String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveAppHomeR |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing |
Source: EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook |
Source: EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook9 |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickrv |
Source: EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech3 |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeechBearer |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://lifecycle.office.com |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://lifecycle.office.comMBI_SSL_SHORThttps://lifecycle.office.comt |
Source: EXCEL.EXE, 00000001.00000003.739543319.0000000013205000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.600803357.0000000013204000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.735160892.0000000013204000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.752120071.0000000013209000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.597602181.0000000013204000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.738731303.0000000013204000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.612834324.0000000013204000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.561469211.0000000013204000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.613268166.0000000013204000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.comts |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://login.microsoftonline.com/ |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize( |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://login.windows.local |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.localtes- |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://login.windows.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize&A |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize( |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize) |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize)A4nA |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize5E0j |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize6 |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize7 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize7C2hc |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize8 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize8A |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize9 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize9B$iQ |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize: |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize; |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize= |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeDE#j |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeF |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeFC%hb |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeH |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeHBWiP |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeICTha |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeKAVn? |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeL |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeLN |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeM |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeMBI_SSL_SHORT |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeWERj |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeXCGh |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeZ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeZAIn |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize_ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize_NJm |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizea |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizefEEj |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizehDwkp |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeiEtj |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeizeJ |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizej |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizejByiN |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizek |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizekCvh_ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizel |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizem |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizemAxn= |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizenN |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeo |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeoOzl |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizep |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeqNlm |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizes |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizexEgj |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorizez |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize~ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://login.windows.net/common/oauth2/authorize~Oml |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1 |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1MBI_SSL_SHORT |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://management.azure.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://management.azure.com/ |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://management.azure.com/BingGeospatialEndpointServiceUrlhttps://dev.virtualearth.net/REST/V1/Ge |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://management.azure.comw |
Source: EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://messaging.office.com/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://metadata.templates.cdn.office.net/client/log |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicyBearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech |
Source: EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechBearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechL |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://ncus.contentsync. |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.750289125.000000000F510000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://ncus.pagecontentsync. |
Source: EXCEL.EXE, 00000001.00000003.287212938.0000000012FF0000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com/ |
Source: EXCEL.EXE, 00000001.00000002.749371941.000000000D761000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com/config16/ |
Source: EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com/nexus/ |
Source: EXCEL.EXE, 00000001.00000002.749371941.000000000D761000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com/nexus/rules |
Source: EXCEL.EXE, 00000001.00000003.287212938.0000000012FF0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.561820513.0000000012FF4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.563282189.000000000F59F000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.com/nexus/rules?Application=excel.exe&Version=16.0.4954.1000&ClientId= |
Source: EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://nexus.officeapps.live.comCF8 |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecordhttps://login.windows.net/co |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.comBearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.comGD |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://ocos-office365-s2s.msedge.net/abDY&nJ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/ |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://officeapps.live.com |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com% |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com- |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com1 |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com3 |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com7 |
Source: EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.com82i |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comC |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comD |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comG |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comM |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comS |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comY |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.come |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comk |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.como |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comq |
Source: EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comrr |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://officeapps.live.comu |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://officeci.azurewebsites.net/api/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://officeci.azurewebsites.net/api/$ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://officesetup.getmicrosoftkey.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/ |
Source: EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://omex.cdn.o |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities |
Source: EXCEL.EXE, 00000001.00000003.281589453.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesOfficeAddInClassifierOfficeEntitiesUpdated |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdatede |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities2 |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://onedrive.live.com |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseY |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://onedrive.live.com/embed? |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://onedrive.live.com/embed?/ |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://onedrive.live.comed |
Source: EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://osi.office.net |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://osi.office.net# |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://osi.office.netb |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://osi.office.netst |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://otelrules.azureedge.net |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://outlook.office.com |
Source: EXCEL.EXE, 00000001.00000002.751578231.0000000012FAF000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.733824840.0000000012FAE000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office.com$k |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.733824840.0000000012FAE000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281291219.000000000F564000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://outlook.office.com/ |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid= |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office.com2; |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office.comon |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office.comonD:.c |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.733824840.0000000012FAE000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://outlook.office365.com |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.733824840.0000000012FAE000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281291219.000000000F564000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://outlook.office365.com/ |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office365.com/= |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office365.com/api/v1.0/me/ActivitiesMBI_SSL |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.jsonSubstrateOfficeIntelligenceServicehttps: |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.jsonpokiD |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/ |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=OutlookB |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=OutlookMBI_SSL_SHORT |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://pages.store.office.com/review/query |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://pages.store.office.com/review/queryTemplateStarthttps:// |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://pages.store.office.com/review/queryt |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspxAwsCgQueryhttps:// |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonMBI_SSLpeople.directory. |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonMBI_SSL_SHORTssl. |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.562031127.000000000F53B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598428723.000000000F531000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.739106606.000000000F536000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734406099.000000000F532000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.563181967.000000000F53B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281291219.000000000F564000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.750364994.000000000F53C000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13 |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13IdentityServicehttps://identity. |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://powerlift-frontdesk.acompli.net |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://powerlift-frontdesk.acompli.netPowerLiftGymBaseUrlhttps://powerlift.acompli.netSubstrateOffi |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://powerlift.acompli.net |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://powerlift.acompli.net-; |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptioneventsJ |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptioneventsMBI_SSLhttps://rpsticket.partnerservices.getmicr |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281565278.0000000013083000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281121315.0000000013080000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://roaming.edog. |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp | String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.comX |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://settings.outlook.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://settings.outlook.com& |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://shell.suite.office.com:1443 |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://skyapi.live.net/Activity/ |
Source: EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://sr.outlook.office.net/ws/speech/re |
Source: EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://sr.outlook.office.net/ws/speech/recog |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/workPowerBIGetDatasetsApihttps://api.pow |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/workhttps://login.windows.net/common/oau |
Source: 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://staging.cortana.ai |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://staging.cortana.aiBearer |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://staging.cortana.aihttps://login.windows.net/common/oauth2/authorize |
Source: EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://store.office.cn/addinstemplate |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://store.office.de/addinstemplate |
Source: EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com$; |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com/Todo-Internal.ReadWrite |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistoryMBI_SSL |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://substrate.office.com/search/api/v2/init |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com/search/api/v2/initMBI_SSL |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.com;;5b |
Source: EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.comP |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.comR: |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.comc |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.coml |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://substrate.office.comy |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileBearer |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://tasks.office.com |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://tellmeservice.osi.office.netst |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.htmlInsightsImmersivehttps |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751400177.0000000012EC0000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://web.microsoftstream.com/video/ |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ |
Source: EXCEL.EXE, 00000001.00000003.281278632.00000000130AB000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ExchangeAutoDiscoverhttps:/ |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://webshell.suite.office.com |
Source: EXCEL.EXE, 00000001.00000003.281285341.00000000130A5000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://webshell.suite.office.comOCSettingsCloudPolicyServiceAndroidUrlhttps://clients.config.office |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://webshell.suite.office.comu |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://wus2.contentsync. |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.750289125.000000000F510000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://wus2.pagecontentsync. |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751491365.0000000012F2A000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2 |
Source: EXCEL.EXE, 00000001.00000003.281133390.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281266817.00000000130B7000.00000004.00000001.sdmp | String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2Azur |
Source: EXCEL.EXE, 00000001.00000003.281017203.0000000012F8B000.00000004.00000001.sdmp, 1C879995-8362-47D0-A5BB-F2EF376F1B92.1.dr | String found in binary or memory: https://www.odwebp.svc.ms |
Source: EXCEL.EXE, 00000001.00000003.734048144.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.598123614.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.734991130.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.281163989.00000000130E8000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.285622692.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000003.560788161.00000000130A4000.00000004.00000001.sdmp, EXCEL.EXE, 00000001.00000002.751938211.00000000130A4000.00000004.00000001.sdmp | String found in binary or memory: https://www.odwebp.svc.ms0 |