Windows Analysis Report
Reparto Trabajo TP4.xlsm

Overview

General Information

Sample name: Reparto Trabajo TP4.xlsm
Analysis ID: 1583538
MD5: 290563ecab13a6d4b23a554013729212
SHA1: d344139cc411390e19ee140113afbb788f7a634c
SHA256: f76ae809d4692f0a92a0ea5b83284e4b230f7241895870caac93aad3465c9288
Tags: xlsm, user-smica83

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document contains an embedded macro with GUI obfuscation
Document exploit detected (process start blacklist hit)
AV process strings found (often used to terminate AV products)
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Enables security privileges
May use bcdedit to modify the Windows boot settings
One or more processes crash

Classification

  • System is w11x64_office
  • EXCEL.EXE (PID: 7980 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
    • WerFault.exe (PID: 6764 cmdline: C:\Windows\system32\WerFault.exe -u -p 7980 -s 3736 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
    • WerFault.exe (PID: 7772 cmdline: C:\Windows\system32\WerFault.exe -u -p 7980 -s 4752 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
  • EXCEL.EXE (PID: 6424 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Reparto Trabajo TP4.xlsm" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: File created, Author: Nasreddine Bencherchali (Nextron Systems), Data: EventID: 11, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, ProcessId: 7980, TargetFilename: C:\Users\user\Desktop\~$Reparto Trabajo TP4.xlsm
No Suricata rule has matched

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\System32\WerFault.exe
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://docs.live.net/SharingService.svcvice.svcamingCA
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://docs.live.net/SkyDocsService.svcvice.svcpm
Source: EXCEL.EXE, 00000000.00000002.12439566568.0000023A50DE4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ecs.nel.measure.office.net?TenantId=Office&DestinationEndpoint=Edge-Prod-EWR30r4c&FrontEnd=A
Source: EXCEL.EXE, 00000000.00000002.12458196652.0000023A6495F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ecs.office.com
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: EXCEL.EXE, 00000000.00000002.12456219093.0000023A64240000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ecs.office.com/config/v2/Office/excel/16.0.18129.20158/Production/CC?&EcsCanary=1&Clientid=
Source: EXCEL.EXE, 00000000.00000002.12452978168.0000023A60B9F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ecs.office.com/config/v2/Office=
Source: EXCEL.EXE, 00000000.00000002.12458196652.0000023A6495F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ecs.office.comO
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edge.skype.com/registrar/prod
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edge.skype.com/rps
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1#
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v14
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.jsonl
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtmln
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/P
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/b
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://enrichment.osi.office.net/d
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://entity.osi.office.net/t
Source: EXCEL.EXE, 00000000.00000002.12449120821.0000023A60654000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excelcs.officeapps.live.com/xlauto/excelautomation.svc/XlAutomation
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://forms.office.com/formapi/api/
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: EXCEL.EXE, 00000000.00000002.12444272798.0000023A5DE92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/cascadia-code/blob/main/LICENSE).
Source: EXCEL.EXE, 00000000.00000002.12444272798.0000023A5DE92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/cascadia-code/blob/master/LICENSE).
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://graph.ppe.windows.net
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://graph.ppe.windows.net/
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://graph.ppe.windows.net/6
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://graph.windows.net
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://graph.windows.net/
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://graph.windows.net/G
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60E97000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubble.officeapps.live.com/mediasvc/api/media/getoembedproviders?type=video&endpoints=1&disp
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubble.officeapps.live.com/mediasvc/api/media/log
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubble.officeapps.live.com/mediasvc/api/media/oembed
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3dx
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1V
Source: EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12445636380.0000023A602FD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12445636380.0000023A602FD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12445636380.0000023A602FD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon??
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/sharedfilepickerkerSID
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/videohostpage/videodeo
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/videopickerker
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ic3.teams.office.comhd:
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://imagetodoc.officeapps.live.comH
Source: EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12445636380.0000023A602FD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12445636380.0000023A602FD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: EXCEL.EXE, 00000000.00000002.12454083630.0000023A611A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmediaKey
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmediame
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://insertmedia.osi.office.net/insertmediadiacA
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://invites.office.com/
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://lifecycle.office.com:
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://lifecycle.office.comEd:
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/err.srfr.srf
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/logout.srft.srfr
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&response_type=token&redirect
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfp.srfalc
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.comHost
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A60A2F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/b
Source: EXCEL.EXE, 00000000.00000002.12440077509.0000023A50FB1000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12445447353.0000023A60270000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/organizations
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.comPI
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.localH
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12441420188.0000023A5D695000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12440077509.0000023A50F10000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize.asmx
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorize9
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeKey
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeaMetion
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeaming
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizecKeyP
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizece
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeedrd
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeembed
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeest
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizehOndiP
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizelMe
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizelog1
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizelvupdi
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizem
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizenRTL
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizene
Source: EXCEL.EXE, 00000000.00000002.12445447353.0000023A60293000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizent
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizentA
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeot9
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeredirnd
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizests
Source: EXCEL.EXE, 00000000.00000002.12438758921.0000023A4E2DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizetemEXE4
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/common/oauth2/authorizeton
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://make.powerautomate.com
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://make.powerautomate.comXNEd:
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A60A2F000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://management.azure.com
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://management.azure.com/
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://management.azure.com/S
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://management.azure.comDd:
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A60A2F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://management.core.windows.net/
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://messaging.action.office.com/
Source: EXCEL.EXE, 00000000.00000002.12443814882.0000023A5DE3A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://messaging.office.com/
Source: EXCEL.EXE, 00000000.00000002.12443814882.0000023A5DE3A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://messaging.office.com/airtrafficcontrol/governancerulesles
Source: EXCEL.EXE, 00000000.00000002.12458196652.0000023A6495F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://mss.office.com
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: EXCEL.EXE, 00000000.00000002.12440077509.0000023A50ECA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ncus.pagecontentsync.
Source: EXCEL.EXE, 00000000.00000002.12440077509.0000023A50ECA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ncus.pagecontentsync.onenote.com/pagecontentsync/attachment/v1nc/attachment/v1s
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://nexusrules.officeapps.live.comL
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://nleditor.osi.office.net/NlEditor/CloudSuggest/V1/V1
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ocws.officeapps.live.com/ocs/docs/recent
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ocws.officeapps.live.com/ocs/docs/sharedwithme
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ocws.officeapps.live.com/ocs/docs/v2.0/sharedwithme
Source: EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ocws.officeapps.live.com/ocs/locations/recenty
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ocws.officeapps.live.com/ocs/quickaccess/sitesandteams
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/help/clientdeveloper
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmp, EXCEL.EXE, 00000000.00000002.12459221043.0000023A64DF1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/servicemanager/catalog
Source: EXCEL.EXE, 00000000.00000002.12459829402.0000023A6515F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/servicemanager/catalogl-16
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/servicemanager/liveredir
Source: EXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios/v1
Source: EXCEL.EXE, 00000000.00000002.12448535688.0000023A60530000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wordcs.officeapps.live.com/wordauto/wordautomation.svc/wordautomation
Source: EXCEL.EXE, 00000000.00000002.12458028993.0000023A64860000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wordcs.officeapps.live.com/wrdps/wordprint.svc/wrdprint
Source: EXCEL.EXE, 00000000.00000002.12440077509.0000023A50ECA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wus2.pagecontentsync.onenote.com/pagecontentsync/attachment/v1nc/attachment/v1rs
Source: EXCEL.EXE, 00000000.00000002.12449120821.0000023A60654000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: EXCEL.EXE, 00000000.00000002.12445772993.0000023A6035C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: EXCEL.EXE, 00000000.00000002.12445772993.0000023A6035C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.odwebp.svc.ms:
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.odwebp.svc.msmX
Source: EXCEL.EXE, 00000000.00000002.12457981713.0000023A647EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.onenote.com/apipi
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.onenote.com/bulletinsns
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.onenote.com/noteses
Source: EXCEL.EXE, 00000000.00000002.12443814882.0000023A5DE3A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.onenote.com/onaugmentation/clipperDomEnhancer/v1.0/0/
Source: EXCEL.EXE, 00000000.00000002.12440077509.0000023A50ECA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.onenote.com/userinfo/v1/settings/IsFeatureEnabled/PremiumFeatureses2
Source: EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.onenote.com/wb/apipi
Source: EXCEL.EXE, 00000000.00000002.12458196652.0000023A6495F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.yammer.com

System Summary

Source: Reparto Trabajo TP4.xlsm - Stream path 'VBA/M\x243dulo1' : Found suspicious string scripting.filesystemobject in non macro stream
Source: Reparto Trabajo TP4.xlsm - OLE, VBA macro line: Private Sub Workbook_Open()
Source: Reparto Trabajo TP4.xlsm - OLE indicator, VBA macros: true
Source: WER.222f6948-1d30-4502-abe2-b0c11e096d50.tmp.xml.15.dr - OLE indicator, VBA macros: true
Source: ~DFDD5FC2BE9BA206A1.TMP.0.dr - OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: WER.222f6948-1d30-4502-abe2-b0c11e096d50.tmp.xml.15.dr - OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~DF396D13D8AA2691DE.TMP.24.dr - OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Process token adjusted: Security
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7980 -s 3736
Source: classification engine - Classification label: mal48.expl.evad.winXLSM@4/18@0/0
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - File created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - File created: C:\Users\user\Desktop\~$Reparto Trabajo TP4.xlsm
Source: C:\Windows\System32\WerFault.exe - Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7980
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - File created: C:\Users\user\AppData\Local\Temp\{DD6F8B40-D578-4CDF-9B22-B18ECAC37B9C} - OProcSessId.dat
Source: Reparto Trabajo TP4.xlsm - OLE indicator, Workbook stream: true
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - File read: C:\Users\desktop.ini
Source: C:\Windows\System32\WerFault.exe - Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload
Source: unknown - Process created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7980 -s 3736
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7980 -s 4752
Source: unknown - Process created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Reparto Trabajo TP4.xlsm"
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32
Source: Window Recorder - Window detected: More than 3 window changes detected
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = xl/calcChain.xml
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = customXml/item3.xml
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = docProps/custom.xml
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = xl/tables/table1.xml
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = xl/tables/table2.xml
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: Reparto Trabajo TP4.xlsm - Initial sample: OLE zip file path = customXml/item2.xml
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: ~DFDD5FC2BE9BA206A1.TMP.0.dr - Initial sample: OLE indicators vbamacros = False
Source: Amcache.hve.15.dr - Binary or memory string: bcdedit.exe|ac227fd116781fea
Source: Amcache.hve.15.dr - Binary or memory string: c:\windows\system32\bcdedit.exe
Source: Amcache.hve.15.dr - Binary or memory string: bcdedit.exe
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe - Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe - Process information set: NOOPENFILEERRORBOX
Source: Amcache.hve.15.dr - Binary or memory string: VMware, Inc.
Source: EXCEL.EXE, 00000000.00000002.12441843197.0000023A5DA1B000.00000004.00000001.00020000.00000000.sdmp - Binary or memory string: VMWare, Inc.
Source: Amcache.hve.15.dr - Binary or memory string: VMware20,1
Source: EXCEL.EXE, 00000000.00000002.12441575460.0000023A5D91F000.00000004.00000001.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAWf
Source: EXCEL.EXE, 00000000.00000002.12439374399.0000023A50A20000.00000004.00000001.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW
Source: Amcache.hve.15.dr - Binary or memory string: VMware-56 4d 5e b8 7f fe b2 05-05 05 26 a7 ed b4 36 80
Source: EXCEL.EXE, 00000000.00000002.12441864782.0000023A5DA39000.00000004.00000001.00020000.00000000.sdmp - Binary or memory string: QEMU?
Source: EXCEL.EXE, 00000000.00000002.12441420188.0000023A5D695000.00000004.00000001.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAWen-USn
Source: Amcache.hve.15.dr - Binary or memory string: VMware Virtual RAM
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Process information queried: ProcessInformation
Source: Amcache.hve.15.dr - Binary or memory string: msmpeng.exe
Source: Amcache.hve.15.dr - Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.15.dr - Binary or memory string: MsMpEng.exe
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | 12 Scripting | Valid Accounts | 1 Exploitation for Client Execution | 1 Bootkit | 1 Process Injection | 3 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 12 Scripting | Boot or Logon Initialization Scripts | 1 Bootkit | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
[Behavior graph. Behavior Graph ID: 1583538; Sample: Reparto Trabajo TP4.xlsm; Startdate: 03/01/2025; Architecture: WINDOWS; Score: 48. Signatures: Document contains an embedded macro with GUI obfuscation; Document exploit detected (process start blacklist hit). Nodes: two EXCEL.EXE processes started; one EXCEL.EXE instance dropped C:\Users\user\...\~$Reparto Trabajo TP4.xlsm (data) and started two WerFault.exe processes.]

Source | Detection | Scanner | Label | Link
Reparto Trabajo TP4.xlsm | 0% | Virustotal | |
Reparto Trabajo TP4.xlsm | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
                                                                                                                              https://login.windows.net/common/oauth2/authorize9EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://autodiscover.com.cn/autodiscover/autodiscover.xml:EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://autodiscover.fr/Autodiscover/Autodiscover.xml4EXCEL.EXE, 00000000.00000002.12442715270.0000023A5DC2B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://forms.office.com/formapi/api/EXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://clients.config.office.netalogEXCEL.EXE, 00000000.00000002.12453475385.0000023A60EFB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://clients.config.office.net/c2r/v1.0/InteractiveInstallationEXCEL.EXE, 00000000.00000002.12452401689.0000023A609AC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    No contacted IP infos
                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                    Analysis ID:1583538
                                                                                                                                    Start date and time:2025-01-03 00:59:14 +01:00
                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                    Overall analysis duration:0h 6m 6s
                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                    Report type:full
                                                                                                                                    Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                    Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                                                                                                                                    Run name:Potential for more IOCs and behavior
                                                                                                                                    Number of analysed new started processes analysed:26
                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                    Technologies:
                                                                                                                                    • HCA enabled
                                                                                                                                    • EGA enabled
                                                                                                                                    • AMSI enabled
                                                                                                                                    Analysis Mode:default
                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                    Sample name:Reparto Trabajo TP4.xlsm
                                                                                                                                    Detection:MAL
                                                                                                                                    Classification:mal48.expl.evad.winXLSM@4/18@0/0
                                                                                                                                    EGA Information:Failed
                                                                                                                                    HCA Information:Failed
                                                                                                                                    Cookbook Comments:
                                                                                                                                    • Found application associated with file extension: .xlsm
                                                                                                                                    • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                    • Attach to Office via COM
                                                                                                                                    • Active Button Object
                                                                                                                                    • Close Viewer
                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, BackgroundTransferHost.exe, WerFault.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                    • Excluded IPs from analysis (whitelisted): 204.79.197.203, 52.109.28.46, 52.109.28.47, 52.113.194.132, 52.109.89.119, 52.168.117.174, 95.100.110.77, 95.100.110.74, 20.189.173.21, 52.109.76.240, 20.189.173.13, 23.56.254.164, 40.126.32.136, 4.175.87.197, 20.103.156.88
                                                                                                                                    • Excluded domains from analysis (whitelisted): odc.officeapps.live.com, slscr.update.microsoft.com, oneocsp-microsoft-com.a-0003.a-msedge.net, oneocsp.microsoft.com, mobile.events.data.microsoft.com, osiprod-weu-bronze-azsc-000.westeurope.cloudapp.azure.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, ecs.office.com, e40491.dscg.akamaiedge.net, fs.microsoft.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, x1.c.lencr.org, uks-azsc-000.roaming.officeapps.live.com, watson.events.data.microsoft.com, res-prod.trafficmanager.net, owamail.public.cdn.office.net.edgekey.net, onedscolprdwus12.westus.cloudapp.azure.com, s-0005.s-msedge.net, owamail.public.cdn.office.net.edgekey.net.globalredir.akadns.net, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, chrome.cloudflare-dns.com, europe.odcsm1.live.com.akadns.net, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.edge.dig
                                                                                                                                    • Execution Graph export aborted for target EXCEL.EXE, PID 7980 because there are no executed function
                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                    • Report size getting too big, too many NtSetValueKey calls found.
Time | Type | Description
19:01:09 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                                                    No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fp2e7a.wpc.phicdn.net | EwpsQzeky5.msi | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690 | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | hcxmivKYfL.exe | malicious | RedLine | 192.229.221.95
fp2e7a.wpc.phicdn.net | Bo6uO5gKL4.exe | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | vEtDFkAZjO.exe | malicious | RL STEALER, StormKitty | 192.229.221.95
fp2e7a.wpc.phicdn.net | BEncode Editor.exe | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | valyzt.msi | malicious | XRed | 192.229.221.95
fp2e7a.wpc.phicdn.net | docx.msi | malicious | XRed | 192.229.221.95
fp2e7a.wpc.phicdn.net | SecuredOnedrive.ClientSetup.exe | malicious | ScreenConnect Tool | 192.229.221.95
fp2e7a.wpc.phicdn.net | dsoft.exe | malicious | Python Stealer, Creal Stealer | 192.229.221.95
                                                                                                                                    No context
                                                                                                                                    No context
                                                                                                                                    No context
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):118
                                                                                                                                    Entropy (8bit):3.5700810731231707
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                                    MD5:573220372DA4ED487441611079B623CD
                                                                                                                                    SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                                    SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                                    SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with very long lines (2251), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):65536
                                                                                                                                    Entropy (8bit):2.2130355844441234
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:jUik/cjMRTjd82TziRkScnArmqBGAOJ7UKGWauu7FN14lrJVXB:j6cgRTjXTk4c5uu7FN14lrb
                                                                                                                                    MD5:680494322C5AD62905087FD56C3328EA
                                                                                                                                    SHA1:60EA97029E327343850C44BC833B1531358BA5C0
                                                                                                                                    SHA-256:E03F9F74CE914A9B22C55D1BE75D14DE7590BDFA86FDBF08C3DE731F72F52810
                                                                                                                                    SHA-512:3FC35C72F2B7B72B470BCB1F41EEF4EEF9413DF16CDB8685498BF5E064CC664CD2BF12B41464CEB06F1DEA6E60B07C69C08BDC3D33BFFEE7B846853CAFD82CC7
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.3.3.6.0.6.5.0.2.8.8.7.8.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.3.3.6.0.6.6.4.8.2.0.0.2.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.e.6.d.8.8.5.9.-.7.d.d.e.-.4.e.9.a.-.a.2.0.c.-.a.d.f.3.5.0.e.f.d.0.7.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.2.4.1.d.0.3.0.-.f.2.1.3.-.4.2.2.9.-.a.6.1.9.-.b.a.d.0.6.d.6.c.0.5.c.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.E.X.C.E.L...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.x.c.e.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.2.c.-.0.0.0.1.-.0.0.0.e.-.e.c.8.3.-.c.4.7.1.7.2.5.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.b.b.d.9.0.a.1.4.9.4.1.1.7.6.3.b.a.1.3.8.d.d.c.2.f.1.7.3.1.b.7.0.0.0.0.f.f.f.f.!.0.0.0.0.a.7.0.e.2.2.5.e.4.c.d.2.c.1.5.3.7.8.4.d.0.8.8.a.6.2.f.e.6.5.d.9.9.2.1.2.8.4.e.a.!.E.X.C.E.L...E.X.E.....T.a.r.g.e.t.A.
                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines (2272), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):7849
                                                                                                                                    Entropy (8bit):4.884842094132343
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:uIWqy64+VM1HyL3/g9eT8OpByO7MsKVDk9cadsfponVoyjkRQ:RXf5VDkRQ
                                                                                                                                    MD5:28B2CF83BA5111FCB865E00100394343
                                                                                                                                    SHA1:81D06434BF1D796B4BDA564178DDA51C3411DB7B
                                                                                                                                    SHA-256:4BAF8699C18A47760904A3546D77E8158EA3FE28832E951C87BF99EE05324288
                                                                                                                                    SHA-512:48CE43C2700B51C27DDE6BC261DCD5B144CB2BDA242B397C2DC6E35931E2AA35649104FC0BE9A7016426605A6B6A50F14F55C9F4EC86A0DCA93FC7C6BDD7256E
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="22631" />.. <arg nm="vercsdbld" val="4169" />.. <arg nm="verqfe" val="4169" />.. <arg nm="csdbld" val="4169" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="34910" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.1.22621.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096"
                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                    File Type:Mini DuMP crash report, 17 streams, Fri Jan 3 00:01:05 2025, 0x1205a4 type
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):530302
                                                                                                                                    Entropy (8bit):1.8381751877950483
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:tTrY8MNdugQS1yQcv8KfTQoLHGje01y+lgYQWUwuhi4Zt5i0FR1ZL:tTrYNdZE3fTQoLHGje01y+OYQV/FV
                                                                                                                                    MD5:01FB3CB03F6C1E33959684660F6F833C
                                                                                                                                    SHA1:AABA21C4D8C1EF3E102915E85E9E6772968607AE
                                                                                                                                    SHA-256:067D0A8F1CB875577FFE27ECEF620AC14B2ACAC7D2913C70D67237FB86448CCE
                                                                                                                                    SHA-512:072D372A73E9C8AB307FE047634214BCFFB97867ADD0C61994DC6AAA313B487B67A0C065AF8A248D4D7977F9F8ABF1BAACD4F973156DCD6F3D47B0DB42E53599
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (380), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):13296
                                                                                                                                    Entropy (8bit):3.7627865975821133
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:RHlnNzawaMKxaMYIMINiaMYIMINca43I3M6YnV3bQgmf8yPXBhGx0fy:RHlNKYIMIN7IMIND3K3bwpE
                                                                                                                                    MD5:E6145059B941155F904A29C9206675EB
                                                                                                                                    SHA1:C08D729D39A0E566A04F00BBA34D90647BC90B06
                                                                                                                                    SHA-256:F9B2290313527D24C930BAE1A30769D7E2D2A331DD0BB9A0938E5C48D1A15AD8
                                                                                                                                    SHA-512:5BB3BB166067DC085FB19B402E2BA6F1C3A807677E4F2095E0416B6612FFF41BA57703B9F57B30C198C74888EC0D66264D62CA4D7FAFA9D279C9C6FF306A2078
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>22631</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>22621.4169.amd64fre.ni_release.220506-1250</BuildString> <Revision>4169</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>1033</LCID> <BuildLayers> <BuildLayer LayerName="22621.1.amd64fre.ni_r
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20971520
                                                                                                                                    Entropy (8bit):8.112143835430977E-5
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Tuekk9NJtHFfs1XsExe/t:qeVJ8
                                                                                                                                    MD5:AFDEAC461EEC32D754D8E6017E845D21
                                                                                                                                    SHA1:5D0874C19B70638A0737696AEEE55BFCC80D7ED8
                                                                                                                                    SHA-256:3A96B02F6A09F6A6FAC2A44A5842FF9AEB17EB4D633E48ABF6ADDF6FB447C7E2
                                                                                                                                    SHA-512:CAB6B8F9FFDBD80210F42219BAC8F1124D6C0B6995C5128995F7F48CED8EF0F2159EA06A2CD09B1FDCD409719F94A7DB437C708D3B1FDA01FDC80141A4595FC7
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20971520
                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3::
                                                                                                                                    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20971520
                                                                                                                                    Entropy (8bit):8.112143835430977E-5
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Tuekk9NJtHFfs1XsExe/t:qeVJ8
                                                                                                                                    MD5:AFDEAC461EEC32D754D8E6017E845D21
                                                                                                                                    SHA1:5D0874C19B70638A0737696AEEE55BFCC80D7ED8
                                                                                                                                    SHA-256:3A96B02F6A09F6A6FAC2A44A5842FF9AEB17EB4D633E48ABF6ADDF6FB447C7E2
                                                                                                                                    SHA-512:CAB6B8F9FFDBD80210F42219BAC8F1124D6C0B6995C5128995F7F48CED8EF0F2159EA06A2CD09B1FDCD409719F94A7DB437C708D3B1FDA01FDC80141A4595FC7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20971520
                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3::
                                                                                                                                    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:ASCII text, with very long lines (28528), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20971520
                                                                                                                                    Entropy (8bit):0.1753008626166452
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:mTxn2V8UvhndjoPj+l8hMj9oGXvDTeohlO6gM711YGlLAGfEmJ6u1BE5WHXKnboO:obUvPjo6wwoGrw+i9cFyH1
                                                                                                                                    MD5:7BA096B70B7BEC1A825406D64300642A
                                                                                                                                    SHA1:A729F77E64D4C5F19F1B73B12E5FE76B9415DD4D
                                                                                                                                    SHA-256:56A756CD122CF197B0344797E6D304DC601557CAB49ACD676F073BDA8EF1F45F
                                                                                                                                    SHA-512:9308B0C26DC286B4FA112F88C2FFA3208B353FCA355A1480B3B648A559A4A82E1E8DB9BC398158E606FD1DD5721D2873910304B947A9B538AA0A3447FD8170EC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..01/03/2025 00:00:06.488.EXCEL (0x1F2C).0x1F28.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2025-01-03T00:00:06.488Z","Contract":"Office.System.Activity","Activity.CV":"QItv3XjV30ybIrGOysN7nA.1.11","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...01/03/2025 00:00:06.488.EXCEL (0x1F2C).0x1F28.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":26,"Time":"2025-01-03T00:00:06.488Z","Contract":"Office.System.Activity","Activity.CV":"QItv3XjV30ybIrGOysN7nA.1.12","Activity.Duration":7,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20971520
                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3::
                                                                                                                                    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:ASCII text, with very long lines (28885), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20971520
                                                                                                                                    Entropy (8bit):0.20622061569988626
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:
                                                                                                                                    MD5:6389981D1D47EB4CCD13CF42CE999519
                                                                                                                                    SHA1:EF82B9D15FD2727B14D76EF23D69D16FF7468B20
                                                                                                                                    SHA-256:D935FB221CBAB239A9974E6CA1D1FC249E7019ABF5B1EDD74B9C55F838401FB5
                                                                                                                                    SHA-512:500EF719BDC3CC68A1DFA59AB7D17986822F0C7F3FA9AE699B79D25BCC598866532960CC860538651A8526EED7266AAE6E147C7B1A4089333DF54BD2A115B699
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..01/03/2025 00:01:34.716.EXCEL (0x1918).0x1D50.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Experimentation.FeatureQueryBatched","Flags":33777005812056321,"InternalSequenceNumber":18,"Time":"2025-01-03T00:01:34.716Z","Data.Sequence":0,"Data.Count":128,"Data.Features":"[ { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.TrackCPSWrites\", \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2025-01-03T00:01:34.5451104Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.CPSMaxWrites\", \"V\" : 2, \"S\" : 1, \"P\" : 0, \"T\" : \"2025-01-03T00:01:34.5451104Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Word.UAEOnSafeModeEnabled\", \"V\" : true, \"S\" : 1, \"P\" : 0, \"T\" : \"2025-01-03T00:01:34.5451104Z\", \"C\" : \"\", \"Q\" : 6.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" : 1, \"
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20971520
                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:
                                                                                                                                    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):230700
                                                                                                                                    Entropy (8bit):4.31400869628903
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:
                                                                                                                                    MD5:9B4C89FCB2F483B1D324B32518C955FE
                                                                                                                                    SHA1:072529380167AEE489E80C3446FAC9C0B8219E9E
                                                                                                                                    SHA-256:2FFFD2EB8F654327592AB24F7AFCAE5B90B178A44DC7682A6A80CF480632D884
                                                                                                                                    SHA-512:11A2D7001AE818219BA463A3AC782606C3F040214026F1F329168E62FE2936F56DFE19D809C3A305EC62C05614B0052FA66C76E25DEC11EC51EB630357708A68
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):3.886963069188002
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:
                                                                                                                                    MD5:92980713C712C69F6717BEDD033F575D
                                                                                                                                    SHA1:4D48C2602876C96A6803414DDC04BAC1A5F87F1A
                                                                                                                                    SHA-256:FB71A52F6841B1774D1F4D158EA0BD1B26D2733120C7F62379A0F63785416BD4
                                                                                                                                    SHA-512:18DBF2DA4976C7C22D5DC7AC429842C7592B02EE5D7A943242EA6F9F0C93B0DA7D05DC8CB2F8930C4C01F771470DE9602CDE65559F7C8D97ADD1525F9808C64B
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):3.886963069188002
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:
                                                                                                                                    MD5:92980713C712C69F6717BEDD033F575D
                                                                                                                                    SHA1:4D48C2602876C96A6803414DDC04BAC1A5F87F1A
                                                                                                                                    SHA-256:FB71A52F6841B1774D1F4D158EA0BD1B26D2733120C7F62379A0F63785416BD4
                                                                                                                                    SHA-512:18DBF2DA4976C7C22D5DC7AC429842C7592B02EE5D7A943242EA6F9F0C93B0DA7D05DC8CB2F8930C4C01F771470DE9602CDE65559F7C8D97ADD1525F9808C64B
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):165
                                                                                                                                    Entropy (8bit):1.4134958568691696
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:
                                                                                                                                    MD5:8B6F49EF043D1AF562C216108A13E0F2
                                                                                                                                    SHA1:0106337F6D46E83B30CA7C1563C3FC3AF4209AF3
                                                                                                                                    SHA-256:C80D5433620A06CF252C9489F9A46BA091A5DAA239AAC3A98DB918627DEFF314
                                                                                                                                    SHA-512:241592FDA43D686AF92D22B2B451C51E70B742A5C33FA94307613155906396A53501E05719DD568C3D3C8088B95B83D7E98393B3692EB4B01907FE8BD927E896
                                                                                                                                    Malicious:true
                                                                                                                                    Preview:.user ..M.a.o.g.a. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):786432
                                                                                                                                    Entropy (8bit):3.52037923942097
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:
                                                                                                                                    MD5:72C2A97E8C35D786B7222E3A1599218A
                                                                                                                                    SHA1:016486C8F81AC52C1234A7E31CD1FBADFD1BED34
                                                                                                                                    SHA-256:3324B11C3AE8197F6D2D90D8CE844E2E1553CD0A2F2F65E4680FEEBECF26BBC7
                                                                                                                                    SHA-512:B06040EF014DED27DC4AC3EE63D8B3599C1F12DAB359F2A7E1F80624919B74F5BB0C1497805E1B68FAF928263CE80C8B41AAD68E498B4A3CFFF2FAB67253880B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:regfn...n...w.k.eJ.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e......X.......n......X.......n..........X.......n...rmtm.z.r]..............................................................................................................................................................................................................................................................................................................................................'z..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                    File type:Microsoft Excel 2007+
                                                                                                                                    Entropy (8bit):7.818470424957574
                                                                                                                                    TrID:
                                                                                                                                    • Excel Microsoft Office Open XML Format document with Macro (52504/1) 54.97%
                                                                                                                                    • Excel Microsoft Office Open XML Format document (35004/1) 36.65%
                                                                                                                                    • ZIP compressed archive (8000/1) 8.38%
                                                                                                                                    File name:Reparto Trabajo TP4.xlsm
                                                                                                                                    File size:163'492 bytes
                                                                                                                                    MD5:290563ecab13a6d4b23a554013729212
                                                                                                                                    SHA1:d344139cc411390e19ee140113afbb788f7a634c
                                                                                                                                    SHA256:f76ae809d4692f0a92a0ea5b83284e4b230f7241895870caac93aad3465c9288
                                                                                                                                    SHA512:a08c6ac80ba7cc6a3339faa1e6973a9dc539598b547bf7c94d920d193cbd0cd5cef74ad73ffcd0278ee73706d60fc3c683771630498ab139ab192a2a9ed8bc66
                                                                                                                                    SSDEEP:3072:N+HRml1BarWinpwcNVDUQmw34ohHfpdc2CpK+LJTfY:N9lvw34MH3dCM+LJLY
                                                                                                                                    TLSH:B1F3C0DB684DFDA6CC9726FB035D01D9681ACCC39EC3A32CB8E1656850F794EB09158E
                                                                                                                                    File Content Preview:PK..........!..L7.6...].......[Content_Types].xml ...(.........................................................................................................................................................................................................
                                                                                                                                    Icon Hash:1d356664a4a09519
                                                                                                                                    Document Type:OpenXML
                                                                                                                                    Number of OLE Files:1
                                                                                                                                    Has Summary Info:
                                                                                                                                    Application Name:
                                                                                                                                    Encrypted Document:False
                                                                                                                                    Contains Word Document Stream:False
                                                                                                                                    Contains Workbook/Book Stream:True
                                                                                                                                    Contains PowerPoint Document Stream:False
                                                                                                                                    Contains Visio Document Stream:False
                                                                                                                                    Contains ObjectPool Stream:False
                                                                                                                                    Flash Objects Count:0
                                                                                                                                    Contains VBA Macros:True
                                                                                                                                    Title:
                                                                                                                                    Subject:
                                                                                                                                    Author:German Alberto Benavides Acevedo
                                                                                                                                    Keywords:
                                                                                                                                    Last Saved By:Fabio Andres Alarcon Echeverry
                                                                                                                                    Revision Number:
                                                                                                                                    Create Time:2023-08-01T12:08:11Z
                                                                                                                                    Last Saved Time:2025-01-02T19:33:21Z
                                                                                                                                    Creating Application:Microsoft Excel
                                                                                                                                    Security:0
                                                                                                                                    Thumbnail Scaling Desired:false
                                                                                                                                    Company:
                                                                                                                                    Contains Dirty Links:false
                                                                                                                                    Shared Document:false
                                                                                                                                    Changed Hyperlinks:false
                                                                                                                                    Application Version:16.0300
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/Hoja1
                                                                                                                                    VBA File Name:Hoja1
                                                                                                                                    Stream Size:3290
                                                                                                                                    Attribute VB_Name = "Hoja1"
                                                                                                                                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                                                                    Attribute VB_GlobalNameSpace = False
                                                                                                                                    Attribute VB_Creatable = False
                                                                                                                                    Attribute VB_PredeclaredId = True
                                                                                                                                    Attribute VB_Exposed = True
                                                                                                                                    Attribute VB_TemplateDerived = False
                                                                                                                                    Attribute VB_Customizable = True
                                                                                                                                    Attribute VB_Control = "btnEjecutar, 56, 0, MSForms, CommandButton"
                                                                                                                                    Option Explicit
                                                                                                                                    
                                                                                                                                    Private Sub btnEjecutar_Click()
                                                                                                                                    GenerarSorteo
                                                                                                                                    If Range("S21").Value > 0 Then
                                                                                                                                        btnEjecutar.Enabled = False
                                                                                                                                        CreaArchivo
                                                                                                                                    End If
                                                                                                                                    End Sub
                                                                                                                                    
                                                                                                                                    
                                                                                                                                    Private Sub Worksheet_Activate()
                                                                                                                                    
                                                                                                                                    If Range("S21").Value = 0 Then btnEjecutar.Enabled = True
                                                                                                                                    
                                                                                                                                    End Sub
                                                                                                                                    
                                                                                                                                    Private Sub Worksheet_Change(ByVal Target As Range)
                                                                                                                                    If Range("S21").Value = 0 Then btnEjecutar.Enabled = True
                                                                                                                                    End Sub
                                                                                                                                    

                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/Hoja2
                                                                                                                                    VBA File Name:Hoja2
                                                                                                                                    Stream Size:1050
                                                                                                                                    Attribute VB_Name = "Hoja2"
                                                                                                                                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                                                                    Attribute VB_GlobalNameSpace = False
                                                                                                                                    Attribute VB_Creatable = False
                                                                                                                                    Attribute VB_PredeclaredId = True
                                                                                                                                    Attribute VB_Exposed = True
                                                                                                                                    Attribute VB_TemplateDerived = False
                                                                                                                                    Attribute VB_Customizable = True
                                                                                                                                    Option Explicit
                                                                                                                                    
                                                                                                                                    

                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/ThisWorkbook
                                                                                                                                    VBA File Name:ThisWorkbook
                                                                                                                                    Stream Size:1741
                                                                                                                                    Attribute VB_Name = "ThisWorkbook"
                                                                                                                                    Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                                                                                                    Attribute VB_GlobalNameSpace = False
                                                                                                                                    Attribute VB_Creatable = False
                                                                                                                                    Attribute VB_PredeclaredId = True
                                                                                                                                    Attribute VB_Exposed = True
                                                                                                                                    Attribute VB_TemplateDerived = False
                                                                                                                                    Attribute VB_Customizable = True
                                                                                                                                    Option Explicit
                                                                                                                                    
                                                                                                                                    Private Sub Workbook_Open()
                                                                                                                                        
                                                                                                                                        RestableceFormato
                                                                                                                                    
                                                                                                                                    End Sub
                                                                                                                                    
                                                                                                                                    

                                                                                                                                    General
                                                                                                                                    Stream Path:PROJECT
                                                                                                                                    CLSID:
                                                                                                                                    File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                    Stream Size:665
                                                                                                                                    Entropy:5.103704962464626
                                                                                                                                    Base64 Encoded:True
                                                                                                                                    Data ASCII:I D = " { 0 0 0 0 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 0 0 0 0 0 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = H o j a 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = H o j a 2 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M d u l o 1 . . H e l p F i l e = " " . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " F 8 F A 5 4 A 2 5 8 A 2 5 8 A 7 5 D A
                                                                                                                                    General
                                                                                                                                    Stream Path:PROJECTwm
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:101
                                                                                                                                    Entropy:3.268618072248388
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/M\x243dulo1
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:10795
                                                                                                                                    Entropy:5.161483883882513
                                                                                                                                    Base64 Encoded:True
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/_VBA_PROJECT
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:4385
                                                                                                                                    Entropy:4.826911659340962
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/__SRP_0
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:5732
                                                                                                                                    Entropy:3.7337490119812435
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/__SRP_1
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:567
                                                                                                                                    Entropy:1.954306426843084
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/__SRP_2
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:908
                                                                                                                                    Entropy:1.8864217471193974
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/__SRP_3
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:156
                                                                                                                                    Entropy:1.7820663630707385
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/__SRP_4
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:5068
                                                                                                                                    Entropy:4.1745767224928585
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/__SRP_5
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:306
                                                                                                                                    Entropy:1.8350734561373765
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/__SRP_6
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:1666
                                                                                                                                    Entropy:2.79139329992375
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/__SRP_7
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:334
                                                                                                                                    Entropy:2.29236171498046
                                                                                                                                    Base64 Encoded:False
                                                                                                                                    General
                                                                                                                                    Stream Path:VBA/dir
                                                                                                                                    CLSID:
                                                                                                                                    File Type:data
                                                                                                                                    Stream Size:849
                                                                                                                                    Entropy:6.501040343053457
                                                                                                                                    Base64 Encoded:True
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 3, 2025 01:00:00.624403954 CET | 1.1.1.1 | 192.168.2.24 | 0x74eb | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 01:00:00.624403954 CET | 1.1.1.1 | 192.168.2.24 | 0x74eb | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false


                                                                                                                                    Target ID:0
                                                                                                                                    Start time:19:00:05
                                                                                                                                    Start date:02/01/2025
                                                                                                                                    Path:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                    Imagebase:0x7ff7a90e0000
                                                                                                                                    File size:70'082'712 bytes
                                                                                                                                    MD5 hash:F9F7B6C42211B06E7AC3E4B60AA8FB77
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:moderate
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:15
                                                                                                                                    Start time:19:01:02
                                                                                                                                    Start date:02/01/2025
                                                                                                                                    Path:C:\Windows\System32\WerFault.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\WerFault.exe -u -p 7980 -s 3736
                                                                                                                                    Imagebase:0x7ff7aa630000
                                                                                                                                    File size:628'208 bytes
                                                                                                                                    MD5 hash:5A849C27C4796C1A7C22C572D8EAF95D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:20
                                                                                                                                    Start time:19:01:10
                                                                                                                                    Start date:02/01/2025
                                                                                                                                    Path:C:\Windows\System32\WerFault.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\WerFault.exe -u -p 7980 -s 4752
                                                                                                                                    Imagebase:0x7ff7aa630000
                                                                                                                                    File size:628'208 bytes
                                                                                                                                    MD5 hash:5A849C27C4796C1A7C22C572D8EAF95D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    Target ID:24
                                                                                                                                    Start time:19:01:34
                                                                                                                                    Start date:02/01/2025
                                                                                                                                    Path:C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Reparto Trabajo TP4.xlsm"
                                                                                                                                    Imagebase:0x7ff7a90e0000
                                                                                                                                    File size:70'082'712 bytes
                                                                                                                                    MD5 hash:F9F7B6C42211B06E7AC3E4B60AA8FB77
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:moderate
                                                                                                                                    Has exited:false

                                                                                                                                    No disassembly