Excel Macro Screens...
 
Notifications
Clear all

Excel Macro Screenshots (Author?)

3 Posts
3 Users
0 Likes
670 Views
(@neutralchaos)
Posts: 2
New Member
Topic starter
 

Hi,
we had an incident, where a user opened a compromised excel file and activated excel-macros beforehand to do so.
Now, we've found screenshots which documented the "macro-activation-process" (timestamp matches 100%).
The screenshots where found in "/Users/Username/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/…."
-
Now the question is, who created those screenshots and why ?
Windows ? Office ?

Best regards

 
Posted : 11/11/2019 8:04 am
(@rich2005)
Posts: 536
Honorable Member
 

Your post doesn't really give enough information to answer your question but some malware actively captures screenshots of user activity (although the ones I've seen put it in a specific folder rather than the internet history files).

 
Posted : 11/11/2019 12:03 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Have you considered creating a timeline, in order to 'see' what was 'going on' around the time that the files were created?

 
Posted : 12/11/2019 12:26 pm
Share: