Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	5800
Target ID:	0
Parent PID:	800
Name:	EXCEL.EXE
Class:	excel
Path:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Commandline:	"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
Size:	27110184
MD5:	5D6638F2C8F8571C593999C58866007E
Time:	06:38:17
Date:	31/10/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x11b0000
Modulesize:	27131904
Wow64:	true

URLs

Name

Malicious

https://ebs-prd.eos.lkqeurope.com:443/OA_HTML//BneUploaderService?bne:tickleSession=Truem:443/

unknown

http://www.oracle.com/bne

unknown

https://ebs-prd.eos.lkqeurope.com:443/OA_HTML//

unknown

https://ebs-prd.eos.lkqeurope.com:443/OA_HTML/BneComponentServiceos.lk

unknown

https://ebs-prd.eos.lkqeurope.com:443/OA_HTML/BneUploaderServiceeos.lk

unknown

https://ebs-prd.eos.lkqeurope.com:443/OA_HTML/

unknown

https://ebs-prd.eos.lkqeurope.com:443/OA_HTML/BneDownloadServiceeos.lk(

unknown

https://ebs-prd.eos.lkqeurope.com:443/OA_HTML/BneDownloadServiceeos.lk(FM51SOK4ODFJXCML07W7O8HY1PLOC

unknown

https://ebs-prd.eos.lkqeurope.

unknown

https://ebs-prd.eos.lkqeurope.com:443/OA

unknown

https://ebs-prd.eos.lkqeurope.com:443/OA_HTML/BneApplicationService

unknown

There are 1 hidden URLs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems

!i8

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems

"i8

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV

LastBootTime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

VBAFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0

MSForms

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0

MSComctlLib

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle

ReviewToken

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\1C918

1C918

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FCD71760-D87F-4BEC-B4D1-A7CD1A88740B}\2.0

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FCD71760-D87F-4BEC-B4D1-A7CD1A88740B}\2.0\FLAGS

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FCD71760-D87F-4BEC-B4D1-A7CD1A88740B}\2.0\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FCD71760-D87F-4BEC-B4D1-A7CD1A88740B}\2.0\HELPDIR

NULL

HKEY_CURRENT_USER_Classes\TypeLib\{FCD71760-D87F-4BEC-B4D1-A7CD1A88740B}\2.0

NULL

HKEY_CURRENT_USER_Classes\TypeLib\{FCD71760-D87F-4BEC-B4D1-A7CD1A88740B}\2.0\FLAGS

NULL

HKEY_CURRENT_USER_Classes\TypeLib\{FCD71760-D87F-4BEC-B4D1-A7CD1A88740B}\2.0\0\win32

NULL

HKEY_CURRENT_USER_Classes\TypeLib\{FCD71760-D87F-4BEC-B4D1-A7CD1A88740B}\2.0\HELPDIR

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}

NULL

HKEY_CURRENT_USER_Classes\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}

NULL

HKEY_CURRENT_USER_Classes\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}

NULL

HKEY_CURRENT_USER_Classes\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}

NULL

HKEY_CURRENT_USER_Classes\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}

NULL

HKEY_CURRENT_USER_Classes\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}

NULL

HKEY_CURRENT_USER_Classes\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}

NULL

HKEY_CURRENT_USER_Classes\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}

NULL

HKEY_CURRENT_USER_Classes\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{4C599243-6926-101B-9992-00000B65C6F9}

NULL

HKEY_CURRENT_USER_Classes\Interface\{4C599243-6926-101B-9992-00000B65C6F9}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}

NULL

HKEY_CURRENT_USER_Classes\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}

NULL

HKEY_CURRENT_USER_Classes\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}

NULL

HKEY_CURRENT_USER_Classes\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}

NULL

HKEY_CURRENT_USER_Classes\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}

NULL

HKEY_CURRENT_USER_Classes\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}

NULL

HKEY_CURRENT_USER_Classes\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}

NULL

HKEY_CURRENT_USER_Classes\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}

NULL

HKEY_CURRENT_USER_Classes\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}

NULL

HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}

NULL

HKEY_CURRENT_USER_Classes\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage

VBAFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems

dz8

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\28880

28880

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage

ProductNonBootFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\29561

29561

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Place MRU

Item 1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 21

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

ProductFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

EXCELFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingConfigurableSettings

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastSyncTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastWriteTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV

LastBootTime

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage

ProductNonBootFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\28880

28880

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

VBAFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\28880

28880

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents

LastPurgeTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\28880

28880

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastRequest

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

NextUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Place MRU\Change

ChangeId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 2

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 3

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 4

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 5

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 6

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 7

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 8

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 9

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 10

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 11

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 12

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 13

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 14

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 15

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 16

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 17

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 18

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 19

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU

Item 20

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU\Change

ChangeId

There are 184 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

24314602000

heap

page read and write

DF4F2FE000

stack

page read and write

619B57D000

stack

page read and write

3F0CB7F000

stack

page read and write

31780FC000

stack

page read and write

6DF357C000

stack

page read and write

1979E65F000

heap

page read and write

19A1FB00000

heap

page read and write

15039C29000

heap

page read and write

619B37E000

stack

page read and write

23199002000

heap

page read and write

19A1FA65000

heap

page read and write

6DF367E000

stack

page read and write

1979E600000

heap

page read and write

23199065000

heap

page read and write

3177DFC000

stack

page read and write

1979E658000

heap

page read and write

23199000000

heap

page read and write

2431462A000

heap

page read and write

19A1F990000

heap

page read and write

24316002000

trusted library allocation

page read and write

23199075000

heap

page read and write

1F088C90000

heap

page read and write

24314657000

heap

page read and write

1979E67A000

heap

page read and write

31781FC000

stack

page read and write

19A1FB02000

heap

page read and write

1F088E13000

heap

page read and write

2431463D000

heap

page read and write

2DAF0B00000

heap

page read and write

1979E63A000

heap

page read and write

6DF2FFF000

stack

page read and write

619B77E000

stack

page read and write

2DAF0A75000

heap

page read and write

3F0CDFA000

stack

page read and write

19A1F930000

heap

page read and write

15039C66000

heap

page read and write

19A1FA02000

heap

page read and write

1979E667000

heap

page read and write

A8F8FF000

stack

page read and write

19A1FA4F000

heap

page read and write

1979E633000

heap

page read and write

DF4F1FB000

stack

page read and write

24314613000

heap

page read and write

1979E65A000

heap

page read and write

A8FEFD000

stack

page read and write

23199029000

heap

page read and write

2DAF0830000

heap

page read and write

1979E663000

heap

page read and write

15039C64000

heap

page read and write

619B87F000

stack

page read and write

1979E662000

heap

page read and write

24314700000

heap

page read and write

1979E520000

heap

page read and write

24314600000

heap

page read and write

619ACEB000

stack

page read and write

3F0CEFF000

stack

page read and write

1D4A17E000

stack

page read and write

1979EE02000

trusted library allocation

page read and write

1F088DC0000

remote allocation

page read and write

A8FFFD000

stack

page read and write

23199113000

heap

page read and write

19A1FA29000

heap

page read and write

1979E613000

heap

page read and write

15039CCA000

heap

page read and write

1979E64E000

heap

page read and write

15039CC1000

heap

page read and write

31779EC000

stack

page read and write

1503A402000

heap

page read and write

3F0D07F000

stack

page read and write

619B97F000

stack

page read and write

2DAF0A00000

heap

page read and write

1979E67B000

heap

page read and write

1979E530000

heap

page read and write

A8FAFF000

stack

page read and write

15039D13000

heap

page read and write

19A1FA13000

heap

page read and write

1979E640000

heap

page read and write

1F088E02000

heap

page read and write

15039C00000

heap

page read and write

3177F7E000

stack

page read and write

2DAF0A02000

heap

page read and write

23199680000

trusted library allocation

page read and write

2DAF0A13000

heap

page read and write

243145E0000

trusted library allocation

page read and write

24315FF0000

remote allocation

page read and write

1979E674000

heap

page read and write

24314450000

heap

page read and write

3F0CCFE000

stack

page read and write

19A1F9E0000

trusted library allocation

page read and write

1D4A27F000

stack

page read and write

6DF317F000

stack

page read and write

23199102000

heap

page read and write

317837D000

stack

page read and write

243145C0000

trusted library allocation

page read and write

24314689000

heap

page read and write

1D4A07E000

stack

page read and write

1F088E00000

heap

page read and write

1979E66A000

heap

page read and write

243144C0000

heap

page read and write

2DAF1002000

trusted library allocation

page read and write

24314658000

heap

page read and write

23198EC0000

heap

page read and write

1F088DC0000

remote allocation

page read and write

A8F87C000

stack

page read and write

24314672000

heap

page read and write

6DF327F000

stack

page read and write

1F088E27000

heap

page read and write

24315FB0000

trusted library allocation

page read and write

1F088E54000

heap

page read and write

6DF377C000

stack

page read and write

15039A90000

heap

page read and write

619B27C000

stack

page read and write

1979E657000

heap

page read and write

1503A500000

heap

page read and write

DF4F4FE000

stack

page read and write

6DF337F000

stack

page read and write

15039C13000

heap

page read and write

2DAF0B02000

heap

page read and write

1F088E5C000

heap

page read and write

1979E642000

heap

page read and write

DF4ECFC000

stack

page read and write

3F0CFFF000

stack

page read and write

2DAF0A28000

heap

page read and write

A8FDFE000

stack

page read and write

24314648000

heap

page read and write

19A1FA3C000

heap

page read and write

19A1FA2C000

heap

page read and write

24315FF0000

remote allocation

page read and write

15039CB9000

heap

page read and write

2DAF07C0000

heap

page read and write

1979E65C000

heap

page read and write

6DF347E000

stack

page read and write

2DAF0B13000

heap

page read and write

1F089602000

trusted library allocation

page read and write

DF4F3FB000

stack

page read and write

1F088C20000

heap

page read and write

15039CE4000

heap

page read and write

1F088C30000

heap

page read and write

317827B000

stack

page read and write

19A1FA58000

heap

page read and write

6DF2BCC000

stack

page read and write

1979E590000

heap

page read and write

15039D02000

heap

page read and write

1F088E3C000

heap

page read and write

23198EB0000

heap

page read and write

24316200000

trusted library allocation

page read and write

24314665000

heap

page read and write

1979E5C0000

trusted library allocation

page read and write

24315FF0000

remote allocation

page read and write

2DAF0A3C000

heap

page read and write

1979E660000

heap

page read and write

2319905A000

heap

page read and write

1D49F7E000

stack

page read and write

1F088DC0000

remote allocation

page read and write

3F0C9FB000

stack

page read and write

1979E675000

heap

page read and write

2DAF0A71000

heap

page read and write

15039C6F000

heap

page read and write

1979E665000

heap

page read and write

19A1F9C0000

trusted library allocation

page read and write

1D49B3E000

stack

page read and write

15039C44000

heap

page read and write

19A1FA43000

heap

page read and write

24314702000

heap

page read and write

619B67E000

stack

page read and write

317847E000

stack

page read and write

1979E629000

heap

page read and write

23198F20000

heap

page read and write

1979E677000

heap

page read and write

1979E631000

heap

page read and write

1979E67E000

heap

page read and write

24314648000

heap

page read and write

2DAF07D0000

heap

page read and write

1F088F02000

heap

page read and write

1979E684000

heap

page read and write

1D49BBE000

stack

page read and write

15039A30000

heap

page read and write

23199013000

heap

page read and write

2DAF0F90000

trusted library allocation

page read and write

3F0C59C000

stack

page read and write

619B0FA000

stack

page read and write

24314718000

heap

page read and write

1979E66B000

heap

page read and write

1979E66D000

heap

page read and write

619BA7F000

stack

page read and write

1D49ABB000

stack

page read and write

619B47E000

stack

page read and write

2DAF0A51000

heap

page read and write

19A1FA00000

heap

page read and write

24314647000

heap

page read and write

2319906E000

heap

page read and write

19A1FB13000

heap

page read and write

24314658000

heap

page read and write

1F088E29000

heap

page read and write

19A20202000

trusted library allocation

page read and write

1979E63D000

heap

page read and write

317807E000

stack

page read and write

A8FB7E000

stack

page read and write

3F0CC7B000

stack

page read and write

A8FC7E000

stack

page read and write

23199067000

heap

page read and write

1979E702000

heap

page read and write

1979E645000

heap

page read and write

317857F000

stack

page read and write

15039A20000

heap

page read and write

A8FD7D000

stack

page read and write

19A1FA64000

heap

page read and write

1979E648000

heap

page read and write

2319903D000

heap

page read and write

1F088D90000

trusted library allocation

page read and write

23199802000

trusted library allocation

page read and write

24314713000

heap

page read and write

15039B90000

trusted library allocation

page read and write

24314460000

heap

page read and write

1979E646000

heap

page read and write

19A1F920000

heap

page read and write

There are 207 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
bnerad4129F.xlsm

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportbnerad4129F.xlsm

Files

Processes

URLs

Registry

Memdumps

IOC Report
bnerad4129F.xlsm