Windows Analysis Report
Cybersecurity Course Mapping- FY24H2+.xlsx

Overview

General Information

Sample name: Cybersecurity Course Mapping- FY24H2+.xlsx
Analysis ID: 1428886
MD5: c8a147e3a7a3ae4118c72c03423c926a
SHA1: 17d0f969aa1475987efe91b8995620867534f5af
SHA256: 4d112d85332f4cfef517d7aca2282f60f11711b02ad03b88d80d52ef154415fc

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections

Classification

Source: unknown HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: excel.exe Memory has grown: Private usage: 1MB later: 98MB
Source: classification engine Classification label: clean2.winXLSX@3/3@0/51
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Users\user\Desktop\~$Cybersecurity Course Mapping- FY24H2+.xlsx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\{FCC69225-369F-4FA5-8EFF-B43C92B70960} - OProcSessId.dat
Source: Cybersecurity Course Mapping- FY24H2+.xlsx OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Cybersecurity Course Mapping- FY24H2+.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet5.xml
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet6.xml
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet6.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet5.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet4.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/media/image1.png
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/tables/table1.xml
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE zip file path = xl/comments1.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Cybersecurity Course Mapping- FY24H2+.xlsx Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information queried: ProcessInformation