Windows Analysis Report
https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw

Overview

General Information

Sample URL:	https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw
Analysis ID:	1500454
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

HTML body with high number of embedded SVGs detected

HTML page contains hidden javascript code

Sigma detected: Excel Network Connections

Sigma detected: Suspicious Office Outbound Connections

Stores files to the Windows start menu directory

Classification

Signatures

HTML body with high number of embedded SVGs detected

Source: https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw

HTTP Parser: Total embedded SVG size: 156283

HTML page contains hidden javascript code

Source: https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw

HTTP Parser: Base64 decoded: spfgoto=/onlinespeicher_erweitern&spfportal=produkte&mc=undefined

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.167.17.97:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:53932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:53935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53939 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:53948 version: TLS 1.2

Source: excel.exe	Memory has grown: Private usage: 19MB later: 71MB
Source: chrome.exe	Memory has grown: Private usage: 7MB later: 30MB

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97

Source: global traffic	DNS traffic detected: DNS query: c.web.de
Source: global traffic	DNS traffic detected: DNS query: s.uicdn.com
Source: global traffic	DNS traffic detected: DNS query: dl.web.de
Source: global traffic	DNS traffic detected: DNS query: uim.tifbs.net
Source: global traffic	DNS traffic detected: DNS query: img.ui-portal.de
Source: global traffic	DNS traffic detected: DNS query: wa.web.de
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sdthumbs.ui-static.net
Source: global traffic	DNS traffic detected: DNS query: img.web.de
Source: global traffic	DNS traffic detected: DNS query: cgateu01we.storage-webde.de

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 53944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 53938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 53948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53935
Source: unknown	Network traffic detected: HTTP traffic on port 53945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53932
Source: unknown	Network traffic detected: HTTP traffic on port 53310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53309
Source: unknown	Network traffic detected: HTTP traffic on port 53946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53944
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53948
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53940
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53310
Source: unknown	Network traffic detected: HTTP traffic on port 53943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53314
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53313
Source: unknown	Network traffic detected: HTTP traffic on port 53312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 53937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.167.17.97:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:53932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:53935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53939 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:53948 version: TLS 1.2

Source: classification engine

Classification label: clean3.win@22/24@34/126

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{6CA4AA6A-901C-40CE-BF79-9989D1EB488F} - OProcSessId.dat

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1948,i,2416684251995544226,11427346836613146946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1948,i,2416684251995544226,11427346836613146946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Downloads\57361.xlsx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Downloads\57361.xlsx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.113.194.132	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
184.27.96.196	unknown	United States	7016	CCCH-3US	false
51.132.193.105	unknown	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
13.107.246.57	s-part-0029.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
217.72.199.4	cloud.web.de	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
195.20.251.162	sdthumbs.ui-static.net	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
195.20.251.111	uim-tifbs.ha-cdn.de	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
82.165.229.39	wa.web.de	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
52.109.68.129	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
195.20.251.168	cgateu01we.g-ha-web.de	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
52.109.28.46	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
184.28.90.27	unknown	United States	16625	AKAMAI-ASUS	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
wa.web.de	82.165.229.39	true
cgateu01we.g-ha-web.de	195.20.251.168	true
uim-tifbs.ha-cdn.de	195.20.251.111	true
www.google.com	142.250.185.164	true
sdthumbs.ui-static.net	195.20.251.162	true
cloud.web.de	217.72.199.4	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
s-part-0029.t-0009.t-msedge.net	13.107.246.57	true
img.web.de	unknown	unknown
s.uicdn.com	unknown	unknown
c.web.de	unknown	unknown
cgateu01we.storage-webde.de	unknown	unknown
dl.web.de	unknown	unknown
img.ui-portal.de	unknown	unknown
uim.tifbs.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw	false		unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt (copy)	data	E7B95B7F3F1401DD8786963C91C74FF1	490735B94C9F702ECDDD41845FEA25B5A3D1CAFD	07E2EB1908245939906E837A7CA8A3CFE8627CE881291D1A77292F806AE8D043
C:\Users\user\AppData\Local\Temp\5C2BD76B.tmp	data	E7B95B7F3F1401DD8786963C91C74FF1	490735B94C9F702ECDDD41845FEA25B5A3D1CAFD	07E2EB1908245939906E837A7CA8A3CFE8627CE881291D1A77292F806AE8D043
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 10:58:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	3F96AF775D751D9AB9F32127CA7B83B7	6A77DAC9FC04BD3D0890F18531452FFBD477A98C	0C605B4A8A5921102DBAFF8FD1025A00F5A53F424DC921F86293110F94980767
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 10:58:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	E938BA6B778E6BC11D8510ED27F7116F	68C6DFAD2381277A2668CC6234D65011EB16CBE8	878DEBD0C6217BBDE13478E59241A8977866E4F72D57CF7B6630637252A35323
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	93E448D2671B4E652E6053FC505DA69B	2D007A9FBFC4CFE3D25C61B65D96DFE31B0B848F	750E2F9C737CD5BEC50075C7562508846C6EF8734DD7256344BBF85819D6B305
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 10:58:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	920D9F72C6E6DAAD96FDDA41F9D162CE	B1BB96D3CD67A5945F364E49FB3F714760EAD7E4	401C49B4C0629627B50EBA5887DD513DD9CF05F8CF4C0E4BAD92A893EDFE7D43
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 10:58:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	E4406A9CAEFF3F6402596BB39EC3C2F7	8A8FD8858AD2362FD2AA1721A300B75BA96D9FB3	267CE5D887ED69636323D95C90DA17EE8BE96257A66F87CC97D84BE25B05D7D0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 10:58:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	1191B61E4C2DB7877771B5C5084FB6FB	461D708DAADD8243377601712EA39F97995BAD1D	42AF62A5CDCBFD605C2955836030D037E76E44B18724FE05219A301C9E31E243
C:\Users\user\Downloads\57361.xlsx (copy)	Microsoft Excel 2007+	A1B0648EF6027E125819875685A98561	29041F6181F644C2E1DED8CC24411F52268B6842	3EBA498F18C74DBB9D3EDA4AAD1EE18DA3DD5C828AC052DA074CB6F9AC916E6E
C:\Users\user\Downloads\57361.xlsx.crdownload (copy)	Microsoft Excel 2007+	A1B0648EF6027E125819875685A98561	29041F6181F644C2E1DED8CC24411F52268B6842	3EBA498F18C74DBB9D3EDA4AAD1EE18DA3DD5C828AC052DA074CB6F9AC916E6E
C:\Users\user\Downloads\9865efbd-ac21-42cd-b457-5bb4cab79430.tmp	Microsoft Excel 2007+	A1B0648EF6027E125819875685A98561	29041F6181F644C2E1DED8CC24411F52268B6842	3EBA498F18C74DBB9D3EDA4AAD1EE18DA3DD5C828AC052DA074CB6F9AC916E6E
C:\Users\user\Downloads\~$57361.xlsx	data	9AC4D67F6E514F452D4A1DB79CE3B2E8	33F8C665ECBB81275D2E49D48F2565A58A282043	407E1D871964C93DBDBD4D00613CD0A9E30D3ED6352D8052C58E7A252D52FC5A
Chrome Cache Entry: 176	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	E28E217FE7CC6E04619D224FE0864660	259EA5C86F9153D0980B3872FC3432BE6C0A7884	FC68B906543280A143EC95215F32825DB7A580B38955886D101FC1BA1DD0B6FD
Chrome Cache Entry: 179	Web Open Font Format, TrueType, length 18080, version 1.0	7D3616C7D04A9AE474875E42C4BC0496	4D0137DD6F1E5325EB3BA3E7BC4D577E68C75D46	7676E0D97793004054C4EC3E7CBD2D98C52FABC90479B7E3D5CFBB62F4E7A5AF
Chrome Cache Entry: 180	ASCII text, with very long lines (1156)	3B781B3D1514B04D608FA13D2D953DA6	2E725AA49E6ED81E4C0504667C7FF459FC58A277	B0183A27CEFE980ADC08F42279EF52492D3355030F82C787529854B1C0D71A67
Chrome Cache Entry: 181	ASCII text, with very long lines (10217)	7157132ED555035B02D8B2B48A3E8CC0	3B91A8BB97ADED989B2519429D17A9EB62140AA0	3D553C6558753F37757FFE12F433D5FC5785E29995ACC79CF4BF648CC23A70BA
Chrome Cache Entry: 182	ASCII text, with very long lines (65536), with no line terminators	A1E13ADE6C10A59FA83AB2AFC7EE635C	14E1CAA562247CB67F9359213ECF4DC91AD75130	4752E672F429A09E99E15E285C05888ECA3B890AD3D4516F0F7504C31CE4BC8E
Chrome Cache Entry: 183	ASCII text, with very long lines (1148)	7AC0F0FE6BB5AC05D36D5A514EF13DEC	CBDE7C5AA68EF0017E253B104303DCFCA36E8FD3	9577230B731D530DB1798D88829D4AB8DD1D580ACBD570EEA497125DB6E9E50B
Chrome Cache Entry: 185	ASCII text, with very long lines (65536), with no line terminators	05A945B320ED2C95CE16F8E6A7C4E5A7	5F9778777A3F131F0EEEE71342EF62F06AE64825	28436617D77ACFC81FE7626022A96AB4E259FFECA1724B887FD8630F9E72C494
Chrome Cache Entry: 189	Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators	F3E9E4E89CC07439EED85242D3CA98E0	59501E70ED04CABC7900D7E0CA61AE904BD8DAD5	B5FDA04A5F4322F80EA23005B3DE6CFD2142F4C7366BF5E6D1C40639309AA8C8
Chrome Cache Entry: 190	JSON data	1077F4776AEBEA915EFCAC4E9B298313	35D5C07B0E226F1472AB9974522DD5F645AF9093	16C7A883D1606D712EEB42E37AB88E4369F7E80D1CB60C46DC824C752C60D67C
Chrome Cache Entry: 191	JSON data	E4BC978E1E38A9D921F1A52454E86DF5	4305979A6385AB970852408B843A5675FB9B4CBC	00543C6D7CB857A2A1A183B146F28B2C6887B1A81EF7C7611C543BC5D20E1F5C
Chrome Cache Entry: 192	JSON data	66A46B78D6968714A0748431F0C0E46A	EBD990914F0563FB6AEA1945AF503E63B83A1FA2	6CE05ACF193622B841E1103494D740FE466C497FA544447118AFC16DF125260C
Chrome Cache Entry: 193	ASCII text, with very long lines (65536), with no line terminators	26A4D20A4C7352A536690E908C6771B9	48CA7296FCAE1A1A07248F84C03E41EE627B5182	9A81FB77E936DD51B57A1157B8808B123618933E062F29C80A12BACCFD792257
Chrome Cache Entry: 197	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x200, components 3	91012147F1D208743FC978837CF479DB	97042CAD89964DC9C494C5168654676A608AD941	6626B1FEA22304A57E92D38AD731140A6DBA56D14EBF03257A11C77366AE94AA
Chrome Cache Entry: 198	ASCII text, with very long lines (60878)	1E72002807A4BC2E01F439A27E229A2D	BFA937100A5550CFB79A2EE9DE0D1D12A2F65675	8CD3C58F9C12F731041A0DDE494601263FC377DC3D226861066C2DDE82DC5C68
Chrome Cache Entry: 199	HTML document, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators	60B4385140123339BEFC90E632B26294	705AA3D450DEB76C26817B21D767106E5627E5B8	34FA0E170A392C910229BE2221725C55ED9C507A3D529E19432E553A144F42B5

HTML body with high number of embedded SVGs detected

Source: https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw

HTTP Parser: Total embedded SVG size: 156283

HTML page contains hidden javascript code

Source: https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw

HTTP Parser: Base64 decoded: spfgoto=/onlinespeicher_erweitern&spfportal=produkte&mc=undefined

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.167.17.97:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:53932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:53935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53939 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:53948 version: TLS 1.2

Source: excel.exe	Memory has grown: Private usage: 19MB later: 71MB
Source: chrome.exe	Memory has grown: Private usage: 7MB later: 30MB

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53929 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53305 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.17.97

Source: global traffic	DNS traffic detected: DNS query: c.web.de
Source: global traffic	DNS traffic detected: DNS query: s.uicdn.com
Source: global traffic	DNS traffic detected: DNS query: dl.web.de
Source: global traffic	DNS traffic detected: DNS query: uim.tifbs.net
Source: global traffic	DNS traffic detected: DNS query: img.ui-portal.de
Source: global traffic	DNS traffic detected: DNS query: wa.web.de
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sdthumbs.ui-static.net
Source: global traffic	DNS traffic detected: DNS query: img.web.de
Source: global traffic	DNS traffic detected: DNS query: cgateu01we.storage-webde.de

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 53944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 53938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 53948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53935
Source: unknown	Network traffic detected: HTTP traffic on port 53945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53932
Source: unknown	Network traffic detected: HTTP traffic on port 53310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53309
Source: unknown	Network traffic detected: HTTP traffic on port 53946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53944
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53948
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53940
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53310
Source: unknown	Network traffic detected: HTTP traffic on port 53943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53314
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53313
Source: unknown	Network traffic detected: HTTP traffic on port 53312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 53937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.167.17.97:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.231.128.59:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:53309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:53932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:53935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53939 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.57:443 -> 192.168.2.16:53937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:53948 version: TLS 1.2

Source: classification engine

Classification label: clean3.win@22/24@34/126

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{6CA4AA6A-901C-40CE-BF79-9989D1EB488F} - OProcSessId.dat

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1948,i,2416684251995544226,11427346836613146946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1948,i,2416684251995544226,11427346836613146946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Downloads\57361.xlsx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Downloads\57361.xlsx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

ID:	1500454
Product:	CloudBasic
Start time:	13:57:44
Start date:	28.08.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://c.web.de/@337550745597380876/74ahEl4NT1un_FYZa8msnw