Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Apr 17 02:34:47 2024, Security: 1

initial sample

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\main[1].js

Unicode text, UTF-8 text, with very long lines (45197)

dropped

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

data

modified

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

ASCII text

dropped

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF6beb59.TMP (copy)

ASCII text

dropped

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\font[1].eot

Embedded OpenType (EOT), Atkinson Hyperlegible family

modified

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\global[1].css

ASCII text, with very long lines (2265), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\index[1].html

HTML document, ASCII text, with very long lines (348)

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\main[1].css

ASCII text, with very long lines (8981), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\index[1].html

HTML document, ASCII text, with very long lines (348)

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\css2[1].css

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\99E1BAC8.emf

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BFAAF593.emf

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D4E20A78.emf

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E3092323.emf

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FE6A2C29.emf

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FEB9295A.emf

Windows Enhanced Metafile (EMF) image data version 0x10000

dropped

C:\Users\user\AppData\Local\Temp\~DF4197F9AF0E1175A1.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF57F995265FDB66B6.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFB6DE027B7CC70010.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Users\user\AppData\Local\Temp\~DFC849BCD570ABD8B1.TMP

data

dropped

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

data

dropped

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

data

dropped

C:\Users\user\Desktop\11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls (copy)

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Apr 18 09:18:18 2024, Security: 1

dropped

C:\Users\user\Desktop\C2030000

dropped

C:\Users\user\Desktop\C2030000:Zone.Identifier

ASCII text, with CRLF line terminators

dropped

There are 19 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	808
Target ID:	0
Parent PID:	564
Name:	EXCEL.EXE
Class:	excel
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Commandline:	"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Size:	28253536
MD5:	D53B85E21886D2AF9815C377537BCAC3
Time:	10:17:36
Date:	18/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13f630000
Modulesize:	28282880
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Excel Network Connections	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
Sigma detected: Modification of IE Registry Settings	System Summary
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	848
Target ID:	4
Parent PID:	564
Name:	AcroRd32.exe
Class:	acrobat
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
Size:	2525680
MD5:	2F8D93826B8CBF9290BC57535C7A6817
Time:	10:18:05
Date:	18/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x8e0000
Modulesize:	2539520
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

Details

Is windows:	true
Is dropped:	false
PID:	3268
Target ID:	6
Parent PID:	848
Name:	RdrCEF.exe
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Size:	9805808
MD5:	326A645391A97C760B60C558A35BB068
Time:	10:18:20
Date:	18/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x1220000
Modulesize:	9830400
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://www.pop.tg/dist/main.css

172.67.206.230

Details

Name:	https://www.pop.tg/dist/main.css
IP:	172.67.206.230
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Excel Network Connections	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://www.pop.tg/dist/main.js

172.67.206.230

Details

Name:	https://www.pop.tg/dist/main.js
IP:	172.67.206.230
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Excel Network Connections	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://www.pop.tg/global.css

172.67.206.230

Details

Name:	https://www.pop.tg/global.css
IP:	172.67.206.230
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Excel Network Connections	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://www.pop.tg

unknown

Details

Name:	https://www.pop.tg
TargetID:	-1
From Memory:	true
Source:	index[1].html0.0.dr, index[1].html.0.dr

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

https://www.pop.tg/

172.67.206.230

Details

Name:	https://www.pop.tg/
IP:	172.67.206.230
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Excel Network Connections	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Uses secure TLS version for HTTPS connections	Compliance, Networking

http://ogp.me/ns#

unknown

http://pop.tg/IGWYr

172.67.206.230

Details

Name:	http://pop.tg/IGWYr
IP:	172.67.206.230
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Document embeds suspicious OLE2 link	System Summary
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Excel Network Connections	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Domains

Name

Malicious

www.pop.tg

172.67.206.230

Details

Name:	www.pop.tg
IP:	172.67.206.230
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Potential document exploit detected (performs DNS queries)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Excel Network Connections	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

pop.tg

172.67.206.230

Details

Name:	pop.tg
IP:	172.67.206.230
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Document embeds suspicious OLE2 link	System Summary
Potential document exploit detected (performs DNS queries)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Excel Network Connections	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

172.67.206.230

www.pop.tg

United States

Details

IP:	172.67.206.230
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	www.pop.tg

Signature Hits	Behavior Group	Mitre Attack
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Excel Network Connections	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

5 &

HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel

Enabled

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel

MTTT

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle

ReviewToken

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\266BE

266BE

HKEY_CURRENT_USER\Software\Microsoft\GDIPlus

FontCachePath

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

1i&

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU

Max Display

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Max Display

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 1

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 2

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 3

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 4

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 5

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 6

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 7

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 8

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 9

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 10

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 11

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 12

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 13

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 14

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 15

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 16

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 17

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 18

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 19

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 20

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\30619

30619

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3078F

3078F

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\30ABA

30ABA

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU

Max Display

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU

Item 1

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Max Display

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 1

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 2

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 3

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 4

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 5

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 6

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 7

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 8

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 9

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 10

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 11

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 12

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 13

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 14

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 15

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 16

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached

{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 17

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 18

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 19

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 20

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru

Item 21

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents

LastPurgeTime

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage

EXCELFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage

ProductFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage

VBAFiles

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

SavedLegacySettings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C

Blob

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3078F

3078F

There are 62 hidden registries, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls

Files

Processes

URLs

Domains

IPs

Registry

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls

Files

Processes

URLs

Domains

IPs

Registry

IOC Report
11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls