7ae8b3795f2efff6e153b1290633c327a5d3ade19f40ecc0a891579ed5587c61

Add for printing

File name:	Solicitud de cotizaciòn..xlsx
Full analysis:	https://app.any.run/tasks/a7ed4b30-3199-425f-a958-787c2b10a6c1
Verdict:	Malicious activity
Analysis date:	December 05, 2022, 18:15:51
OS:	Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME:	application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
File info:	Microsoft Excel 2007+
MD5:	CD9567E232B722B34985981E32633321
SHA1:	3B1FDB9DACD8A1F20FDC0F03D2088855924452A7
SHA256:	7AE8B3795F2EFFF6E153B1290633C327A5D3ADE19F40ECC0A891579ED5587C61
SSDEEP:	24576:Cmv7PSn7ViMIY4oSX6fM1lPH/VE+njnkLQp:CmMVHfSlPHJngEp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 660 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.789.19041.0 undefined
Adobe Acrobat Reader DC (20.013.20074)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (5.74)
FileZilla Client 3.51.0 (3.51.0)
Google Chrome (87.0.4280.88)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Microsoft Edge (104.0.1293.63)
Microsoft Edge Update (1.3.167.21)
Microsoft Office Professional 2019 - de-de (16.0.12026.20264)
Microsoft Office Professional 2019 - en-us (16.0.12026.20264)
Microsoft Office Professional 2019 - es-es (16.0.12026.20264)
Microsoft Office Professional 2019 - it-it (16.0.12026.20264)
Microsoft Office Professional 2019 - ja-jp (16.0.12026.20264)
Microsoft Office Professional 2019 - ko-kr (16.0.12026.20264)
Microsoft Office Professional 2019 - pt-br (16.0.12026.20264)
Microsoft Office Professional 2019 - tr-tr (16.0.12026.20264)
Microsoft Office Professionnel 2019 - fr-fr (16.0.12026.20264)
Microsoft Office профессиональный 2019 - ru-ru (16.0.12026.20264)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (14.30.30704.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (14.30.30704)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 (14.30.30704)
Mozilla Firefox 84.0 (x64 en-US) (84.0)
Mozilla Maintenance Service (84.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.12026.20264)
Office 16 Click-to-Run Licensing Component (16.0.12026.20264)
Office 16 Click-to-Run Localization Component (16.0.12026.20264)
Opera 12.15 (12.15.1748)
QGA (2.14.32)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.67.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
VLC media player (3.0.11)
WinRAR 5.60 (64-bit) (5.60.0)
Windows 10 Upgrade Assistant (1.4.9200.22175)

Hotfixes

Client LanguagePack Package
DotNetRollup
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Reads settings of System Certificates
  - SLUI.exe (PID: 2496)
  - slui.exe (PID: 2416)
- Process requests binary or script from the Internet
  - EXCEL.EXE (PID: 2888)
INFO
- Checks proxy server information
  - EXCEL.EXE (PID: 2888)
  - slui.exe (PID: 2416)
- Reads the software policy settings
  - SLUI.exe (PID: 2496)
  - slui.exe (PID: 2416)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.xlsx	\|	Excel Microsoft Office Open XML Format document (61.2)
.zip	\|	Open Packaging Conventions container (31.5)
.zip	\|	ZIP compressed archive (7.2)

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

133

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

2888

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\admin\Desktop\Solicitud de cotizaciòn..xlsx"

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

Explorer.EXE

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Excel

Version:

16.0.12026.20264

Modules

Images
c:\program files\microsoft office\root\office16\excel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll

6096

C:\WINDOWS\system32\SppExtComObj.exe -Embedding

C:\WINDOWS\system32\SppExtComObj.exe

—

svchost.exe

User:

NETWORK SERVICE

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

KMS Connection Broker

Exit code:

Version:

10.0.19041.1202 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll

2496

"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent

C:\WINDOWS\System32\SLUI.exe

SppExtComObj.exe

User:

NETWORK SERVICE

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows Activation Client

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll

5604

C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe -Embedding

C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft OneDriveFile Co-Authoring Executable

Exit code:

Version:

19.043.0304.0013

Modules

Images
c:\users\admin\appdata\local\microsoft\onedrive\19.043.0304.0013\filecoauth.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll

4188

C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe -Embedding

C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft OneDriveFile Co-Authoring Executable

Exit code:

Version:

19.043.0304.0013

Modules

Images
c:\users\admin\appdata\local\microsoft\onedrive\19.043.0304.0013\filecoauth.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll

2416

C:\WINDOWS\System32\slui.exe -Embedding

C:\WINDOWS\System32\slui.exe

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Activation Client

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll

Add for printing

Total events

11 448

Read events

11 240

Write events

173

Delete events

Modification events


(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation:	write	Name:	1
Value: 01D014000000001000284FFA2E01000000000000000500000000000000
(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\2888
Operation:	write	Name:	0
Value: 0B0E10F15CBAE7E3A3A742B5382BB4252A395A23004695ED88DEDA9AC2EC016A0410240044FA5D64A89E01008500A907556E6B6E6F776E00
(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:	write	Name:	en-US
Value: 2
(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:	write	Name:	de-de
Value: 2
(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:	write	Name:	fr-fr
Value: 2
(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:	write	Name:	es-es
Value: 2
(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:	write	Name:	it-it
Value: 2
(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:	write	Name:	ja-jp
Value: 2
(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:	write	Name:	ko-kr
Value: 2
(PID) Process:	(2888) EXCEL.EXE	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:	write	Name:	pt-br
Value: 2

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2888	EXCEL.EXE	C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\Solicitud de cotizaciòn..xlsx.LNK		lnk
		MD5:F0B77DDCF9B3DEC544184F523AA95240	SHA256:E7B1BF3B2E75B0EC19E4C9B0B4EE80D8084B7CDADC3065AE771F61DD93D64323
2888	EXCEL.EXE	C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat		ini
		MD5:A2CB95355DE5394796E2AF7C5CC7ECF4	SHA256:F8F5E9FDF4CB865161E6BB8864E67B6E73C5EB050880FC51783658C268AB496B
2888	EXCEL.EXE	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F9OGI6VYLGWI11T5LI8T.temp		binary
		MD5:E4A1661C2C886EBB688DEC494532431C	SHA256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
2888	EXCEL.EXE	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms		binary
		MD5:4FCB2A3EE025E4A10D21E1B154873FE2	SHA256:90BF6BAA6F968A285F88620FBF91E1F5AA3E66E2BAD50FD16F37913280AD8228
2888	EXCEL.EXE	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4VA93XNAVBMIOECWAWBI.temp		binary
		MD5:4FCB2A3EE025E4A10D21E1B154873FE2	SHA256:90BF6BAA6F968A285F88620FBF91E1F5AA3E66E2BAD50FD16F37913280AD8228
2888	EXCEL.EXE	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms~RF10908a.TMP		binary
		MD5:4FCB2A3EE025E4A10D21E1B154873FE2	SHA256:90BF6BAA6F968A285F88620FBF91E1F5AA3E66E2BAD50FD16F37913280AD8228
2888	EXCEL.EXE	C:\Users\admin\AppData\Local\Temp\.ses		text
		MD5:B53D0E2ABEB41FB3657AE78D88AABF8D	SHA256:C6C82E5E7DD9BC7871D6E5B0F188438250FB61A537252DD0C4769123F47F5A78
5604	FileCoAuth.exe	C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2022-12-05.1818.5604.1.aodl		binary
		MD5:923BF0E545D9C37CA8874C8D6C4A30E6	SHA256:AB32C675D35DDBEBFCF8B11720C3E550024E8D0DF557838F17186377E3D0FE65
2888	EXCEL.EXE	C:\Users\admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml		xml
		MD5:161DCED72C37510F353DEA6B6B729BAF	SHA256:CE76CA48160AAB291FBA97540C917F828ED0B6381DBA2F8F62E9F1E88FCD52B1
5604	FileCoAuth.exe	C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2022-12-05.1818.5604.1.odl		binary
		MD5:C0005BFDE850EEEBCA7958CF20B24E36	SHA256:AD973165C34D551FB3618D0EE34DC6B32A876D1E45324ECA20CF8B54568EE9D7

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1700	sihclient.exe	GET	304	40.125.122.176:443	https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19044.1288/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.1288&MK=DELL&MD=DELL	US	—	—	whitelisted
1700	sihclient.exe	GET	200	40.125.122.176:443	https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19044.1288/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.1288&MK=DELL&MD=DELL	US	compressed	23.9 Kb	whitelisted
1012	svchost.exe	POST	200	40.126.32.134:443	https://login.live.com/RST2.srf	US	xml	1.25 Kb	whitelisted
1700	sihclient.exe	GET	200	2.19.126.87:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl	DE	der	824 b	whitelisted
1700	sihclient.exe	GET	200	2.19.126.97:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	DE	der	1.11 Kb	whitelisted
2888	EXCEL.EXE	GET	200	13.107.42.16:443	https://config.edge.skype.com/config/v2/Office/excel/16.0.12026.20264/Production/CC?&Clientid=%7bD61AB268-C26A-439D-BB15-2A0DEDFCA6A3%7d&Application=excel&Platform=win32&Version=16.0.12026.20264&MsoVersion=16.0.12026.20194&Audience=Production&Build=ship&Architecture=x64&Language=en-US&SubscriptionLicense=false&PerpetualLicense=2019&Channel=CC&InstallType=C2R&SessionId=%7bE7BA5CF1-A3E3-42A7-B538-2BB4252A395A%7d&LabMachine=false	US	text	170 Kb	whitelisted
2888	EXCEL.EXE	GET	200	52.109.13.62:443	https://nexusrules.officeapps.live.com/nexus/rules?Application=excel.exe&Version=16.0.12026.20264&ClientId=%7bD61AB268-C26A-439D-BB15-2A0DEDFCA6A3%7d&OSEnvironment=10&MsoAppId=1&AudienceName=Production&AudienceGroup=Production&AppVersion=16.0.12026.20264&	US	xml	202 Kb	whitelisted
2888	EXCEL.EXE	POST	200	13.69.239.72:443	https://self.events.data.microsoft.com/OneCollector/1.0/	IE	binary	10 b	whitelisted
2888	EXCEL.EXE	POST	200	13.69.239.72:443	https://self.events.data.microsoft.com/OneCollector/1.0/	IE	binary	9 b	whitelisted
2888	EXCEL.EXE	POST	200	13.69.239.72:443	https://self.events.data.microsoft.com/OneCollector/1.0/	IE	binary	84 b	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2724	svchost.exe	40.113.103.199:443	client.wns.windows.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
1012	svchost.exe	40.126.32.134:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	NL	suspicious
2888	EXCEL.EXE	52.109.88.191:443	officeclient.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
1700	sihclient.exe	40.125.122.176:443	slscr.update.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	suspicious
—	—	2.19.126.87:80	crl.microsoft.com	Akamai International B.V.	DE	unknown
1700	sihclient.exe	2.19.126.87:80	crl.microsoft.com	Akamai International B.V.	DE	unknown
2888	EXCEL.EXE	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
1700	sihclient.exe	88.221.169.152:80	www.microsoft.com	AKAMAI-AS	DE	suspicious
1700	sihclient.exe	2.19.126.97:80	crl.microsoft.com	Akamai International B.V.	DE	unknown
2888	EXCEL.EXE	52.109.13.62:443	nexusrules.officeapps.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	suspicious

DNS requests

Domain	IP	Reputation
officeclient.microsoft.com	52.109.88.191	whitelisted
slscr.update.microsoft.com	40.125.122.176 52.152.110.14	whitelisted
crl.microsoft.com	2.19.126.87 2.19.126.97 23.216.77.6 23.216.77.28 95.101.54.122 95.101.54.128	whitelisted
www.microsoft.com	88.221.169.152 72.246.169.155 23.3.109.244 2.18.233.62	whitelisted
config.edge.skype.com	13.107.42.16	whitelisted
nexusrules.officeapps.live.com	52.109.13.62	whitelisted
self.events.data.microsoft.com	13.69.239.72 20.189.173.11	whitelisted
client.wns.windows.com	40.113.110.67 40.113.103.199	whitelisted
fe3cr.delivery.mp.microsoft.com	40.77.2.164 2603:1020:2:3::67	whitelisted
settings-win.data.microsoft.com	51.124.78.146 40.127.240.158 4.231.128.59 20.73.194.208	whitelisted

Threats

PID	Process	Class	Message
3620	svchost.exe	Misc activity	ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
3620	svchost.exe	Misc activity	ET INFO Windows OS Submitting USB Metadata to Microsoft
3620	svchost.exe	Misc activity	ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
3620	svchost.exe	Misc activity	ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
3620	svchost.exe	Misc activity	ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
3620	svchost.exe	Misc activity	ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
3620	svchost.exe	Misc activity	ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
3620	svchost.exe	Misc activity	ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
3620	svchost.exe	Misc activity	ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent
3620	svchost.exe	Misc activity	ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent

Add for printing

No debug info

General Info

Solicitud de cotizaciòn..xlsx

CD9567E232B722B34985981E32633321

3B1FDB9DACD8A1F20FDC0F03D2088855924452A7

7AE8B3795F2EFFF6E153B1290633C327A5D3ADE19F40ECC0A891579ED5587C61

24576:Cmv7PSn7ViMIY4oSX6fM1lPH/VE+njnkLQp:CmMVHfSlPHJngEp

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Reads settings of System Certificates

Process requests binary or script from the Internet

INFO

Checks proxy server information

Reads the software policy settings

Malware configuration

Static information

TRiD

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings