Windows Analysis Report
Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx

Overview

General Information

Sample name:	Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx
Analysis ID:	1431695
MD5:	026105386d912668f0adaa56f57a56fa
SHA1:	cef04163417810b11b1b3e519ad9afbb0b0e8434
SHA256:	d90404256a0ab420641745da8c3284c28cd0806ea2a2571854a31b558ac6a447
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Sigma detected: Excel Network Connections

Sigma detected: Suspicious Office Outbound Connections

Classification

Signatures

Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49718 version: TLS 1.2

Potential document exploit detected (performs HTTP gets)

Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443

Potential document exploit detected (unknown TCP traffic)

Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725

Source: excel.exe

Memory has grown: Private usage: 1MB later: 102MB

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49718 version: TLS 1.2

Source: classification engine

Classification label: clean2.winXLSX@3/2@0/42

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\mso524C.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{8A2F0A1F-E585-4A70-B257-6502CB8AD51E} - OProcSessId.dat

Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx

OLE indicator, Workbook stream: true

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet5.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/drawings/drawing2.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/charts/style1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/charts/colors1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/charts/chart1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet4.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet5.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/drawings/_rels/drawing2.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/charts/_rels/chart1.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp2.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/tables/table1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/tables/table3.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/calcChain.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/tables/table2.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/comments1.xml

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx

Static file information: File size 1903219 > 1048576

Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX

Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.109.56.128	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.113.194.132	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.189.173.28	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.201.212.130	unknown	United States	5432	PROXIMUS-ISP-ASBE	false

Contacted Domains

Name	IP	Active
part-0013.t-0009.t-msedge.net	13.107.246.41	true

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\mso524C.tmp	PNG image data, 977 x 1024, 8-bit/color RGBA, non-interlaced	C4C38A7D937C652FE5C5A39C668F8D86	BAACAB0836AFC11765E1896388D06F7A5DEB9253	48B090CBFA1300A7A60F6EAAFA08DDACCFC96943C8A3E943A4B9D9E45A18B52A
C:\Users\user\Desktop\~$Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	data	9AC4D67F6E514F452D4A1DB79CE3B2E8	33F8C665ECBB81275D2E49D48F2565A58A282043	407E1D871964C93DBDBD4D00613CD0A9E30D3ED6352D8052C58E7A252D52FC5A

Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49718 version: TLS 1.2

Potential document exploit detected (performs HTTP gets)

Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443

Potential document exploit detected (unknown TCP traffic)

Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49716 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49716
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49719
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49720 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49720
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49723
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 192.168.2.16:49721 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49721
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 192.168.2.16:49722 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49722
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 192.168.2.16:49724 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49724
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725
Source: global traffic	TCP traffic: 192.168.2.16:49725 -> 13.107.246.41:443
Source: global traffic	TCP traffic: 13.107.246.41:443 -> 192.168.2.16:49725

Source: excel.exe

Memory has grown: Private usage: 1MB later: 102MB

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.41:443 -> 192.168.2.16:49718 version: TLS 1.2

Source: classification engine

Classification label: clean2.winXLSX@3/2@0/42

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\mso524C.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{8A2F0A1F-E585-4A70-B257-6502CB8AD51E} - OProcSessId.dat

Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx

OLE indicator, Workbook stream: true

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet5.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/drawings/drawing2.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/charts/style1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/charts/colors1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/charts/chart1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet4.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet5.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/drawings/_rels/drawing2.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/charts/_rels/chart1.xml.rels
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp2.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/tables/table1.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/tables/table3.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/calcChain.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/tables/table2.xml
Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx	Initial sample: OLE zip file path = xl/comments1.xml

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx

Static file information: File size 1903219 > 1048576

Source: Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX

Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

ID:	1431695
Product:	CloudBasic
Start time:	16:40:24
Start date:	25.04.2024
Sample:	Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	026105386d912668f0adaa56f57a56fa
SHA1:	cef04163417810b11b1b3e519ad9afbb0b0e8434
SHA256:	d90404256a0ab420641745da8c3284c28cd0806ea2a2571854a31b558ac6a447
Filetype:	Excel Microsoft Office Open XML Format document (40004/1) 83.33%

Windows Analysis Report
Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
Employee_PTO_Calculator_Tracker_Excel_Template_v2_3.xlsx