Click to jump to signature section
| Source: https://laurabingham.org/wp-content/plugins/wp-recipe-maker/downexcel.php | Avira URL Cloud: detection malicious, Label: malware |
| Source: laurabingham.org | Virustotal: Detection: 6% | Perma Link |
| Source: C:\Users\user\Downloads\Unconfirmed 695193.crdownload (copy) | Virustotal: Detection: 10% | Perma Link |
| Source: C:\Users\user\Downloads\22-May-24-document-63501ce1.xll (copy) | ReversingLabs: Detection: 29% |
| Source: C:\Users\user\Downloads\22-May-24-document-63501ce1.xll (copy) | Virustotal: Detection: 15% | Perma Link |
| Source: https://laurabingham.org/wp-content/plugins/wp-recipe-maker/downexcel.php | Virustotal: Detection: 6% | Perma Link |
| Source: C:\Users\user\Downloads\22-May-24-document-63501ce1.xll.crdownload | Joe Sandbox ML: detected |
| Source: unknown | HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.16:49702 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49712 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.16:49724 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49725 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54372 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54373 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54370 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54371 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54369 version: TLS 1.2 |
| Source: excel.exe | Memory has grown: Private usage: 6MB later: 73MB |
| Source: chrome.exe | Memory has grown: Private usage: 1MB later: 31MB |
| Source: global traffic | TCP traffic: 192.168.2.16:54367 -> 1.1.1.1:53 |
| Source: global traffic | TCP traffic: 192.168.2.16:54367 -> 1.1.1.1:53 |
| Source: global traffic | TCP traffic: 192.168.2.16:54367 -> 1.1.1.1:53 |
| Source: global traffic | TCP traffic: 192.168.2.16:54367 -> 1.1.1.1:53 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.133 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.133 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.133 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.133 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.133 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.133 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.133 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.133 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.133 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: global traffic | DNS traffic detected: DNS query: laurabingham.org |
| Source: global traffic | DNS traffic detected: DNS query: www.google.com |
| Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54370 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54376 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54378 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54374 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54377 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54376 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54372 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54377 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49688 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54369 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54371 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54375 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54373 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54369 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54371 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54370 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54375 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54378 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54374 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54373 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54372 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724 |
| Source: unknown | HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.16:49702 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49712 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.16:49724 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49725 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54372 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54373 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54370 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54371 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.213.67:443 -> 192.168.2.16:54369 version: TLS 1.2 |
| Source: classification engine | Classification label: mal76.win@27/10@4/139 |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\fcac7eb4-7f07-4e12-95b3-363028033eb2.tmp |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\{2DF18481-BCDC-4A97-8205-C2A26039DB6E} - OProcSessId.dat |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File read: C:\Users\desktop.ini |
| Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://laurabingham.org/wp-content/plugins/wp-recipe-maker/downexcel.php |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1828,i,17497539352936221100,5725822133758323697,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1828,i,17497539352936221100,5725822133758323697,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" -xlls "C:\Users\user\Downloads\22-May-24-document-63501ce1.xll" |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" -xlls "C:\Users\user\Downloads\22-May-24-document-63501ce1.xll" |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" -xlls "C:\Users\user\Downloads\22-May-24-document-63501ce1.xll" |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" -xlls "C:\Users\user\Downloads\22-May-24-document-63501ce1.xll" |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288 |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288 |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32 |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\22-May-24-document-63501ce1.xll.crdownload | Jump to dropped file |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\85383247-1691-41bf-a177-430a1ce7cd3e.tmp | Jump to dropped file |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\fcac7eb4-7f07-4e12-95b3-363028033eb2.tmp | Jump to dropped file |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
| Source: C:\Windows\splwow64.exe | Thread delayed: delay time: 120000 |
| Source: C:\Windows\splwow64.exe | Thread delayed: delay time: 120000 |
| Source: C:\Windows\splwow64.exe | Thread delayed: delay time: 120000 |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information queried: ProcessInformation |
| Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Edit tour
chrome.exe (PID: 6148 cmdline: 
EXCEL.EXE (PID: 7792 cmdline: 
splwow64.exe (PID: 1960 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node