35.0.0 Citrine
IR
653502
CloudBasic
10:43:18
28/06/2022
purchase order.xlsx
defaultwindowsofficecookbook.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
a8930c1fcd80e9965ae26446afb717f6
0cbf04bf7fc8522ab983f0246357fa70a85ee56b
c02ff7b4d28a259d37a659a6951dba4ee574562ef5fc3b3a0135640c0370dee2
Generic OLE2 / Multistream Compound File (8008/1) 100.00%
true
false
false
false
68
0
100
5
0
5
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Multi AV Scanner detection for submitted file
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Document exploit detected (process start blacklist hit)