Analysis Overview
SHA256
c5835fdee5b37ac6eb59449bd8506ef91c10d7a04a000225d5c8a6b849874574
Threat Level: Known bad
The file b2a4aca9ebb9d8032d7ac5b426c3bbbfb59bff6051f963fc9d55239a48b06898.zip was found to be: Known bad.
Malicious Activity Summary
Async RAT payload
Arrowrat family
Asyncrat family
Obfuscated with Agile.Net obfuscator
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Office loads VBA resources, possible macro or embedded object present
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Modifies Internet Explorer settings
Opens file in notepad (likely ransom note)
Suspicious use of FindShellTrayWindow
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-17 13:33
Signatures
Arrowrat family
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Asyncrat family
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral20
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win10v2004-20230915-en
Max time kernel
124s
Max time network
308s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.Contracts.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.22.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.98.74.40.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win10v2004-20230915-en
Max time kernel
134s
Max time network
309s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.Debug.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.211.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win10v2004-20230915-en
Max time kernel
116s
Max time network
291s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.FileVersionInfo.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.211.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win7-20230831-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.ComponentModel.EventBasedAsync.dll",#1
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win10v2004-20230915-en
Max time kernel
108s
Max time network
253s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.ComponentModel.EventBasedAsync.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win10v2004-20230915-en
Max time kernel
137s
Max time network
310s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.ComponentModel.Primitives.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.22.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win10v2004-20230915-en
Max time kernel
309s
Max time network
312s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.ComponentModel.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.22.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win10v2004-20230915-en
Max time kernel
176s
Max time network
306s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Console.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win7-20230831-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.FileVersionInfo.dll",#1
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win7-20230831-en
Max time kernel
300s
Max time network
320s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Collections.Specialized.dll",#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:43
Platform
win10v2004-20230915-en
Max time kernel
359s
Max time network
442s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Collections.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:44
Platform
win7-20230831-en
Max time kernel
273s
Max time network
316s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.ComponentModel.TypeConverter.dll",#1
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win10v2004-20230915-en
Max time kernel
127s
Max time network
308s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.ComponentModel.TypeConverter.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win10v2004-20230915-en
Max time kernel
123s
Max time network
310s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.StackTrace.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.116.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:40
Platform
win7-20230831-en
Max time kernel
298s
Max time network
297s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Enumerates physical storage devices
Office loads VBA resources, possible macro or embedded object present
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E413261-6CF2-11EE-BACD-7200988DF339} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{484EE701-6CF2-11EE-BACD-7200988DF339} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b0000000002000000000010660000000100002000000052e9cd122b4358ffe83d4320440609580a72b74e85b6292717bc340a9ef99aed000000000e80000000020000200000006dfaa0b1232907163a5bc94e857bf427ca678943ff7906c7c719681fd39ab2d9900000005f6db9a563d7a637dd68eadfc5a87d2bf01bca96f30afe0240256b50e6ae7e1942ba38121f23f726f2d7932b4342afd863211a097ec7c85531dc22bf3315914826fdc3d7d1a0b18d8739eae11c8e1c08ee488e7e77f103bf3318b861f580e051ed2c1fcedc78f4a11a1b8078716d6b2f8f3e51639dbf594a963be3bfff897b198b0bb999632400fcd6aca3be3008c311400000007b3cf64eeb149a98f75927f35dd838002652d6fa6d75d53016071a9b00ee6dd79527cce32dc33f855f17aac0842ba67be12ca42b91618091958594cf2fee4d3e | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\ = "&Print" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000_CLASSES\mpeg3_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ShellEx | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000_CLASSES\mpeg3_auto_file\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000_CLASSES\mpeg3_auto_file\shell\edit | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon\ = "\"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\ShellEx | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000_CLASSES\mpeg3_auto_file\shell\edit\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Collections.NonGeneric.dll",#1
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\EditExit.odt"
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ConfirmInstall.docx"
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\DisconnectDeny.pdf"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.adobe.com/go/reader9_create_pdf
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\SubmitMove.ocx
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\TestUnpublish.ps1xml
C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\BackupRequest.nfo"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\MergeUnpublish.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\ReceiveConvertFrom.mpeg3
C:\Program Files\Windows Mail\wab.exe
"C:\Program Files\Windows Mail\wab.exe" /contact "C:\Users\Admin\Desktop\ConnectMove.contact"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\ReceiveConvertFrom.mpeg3
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ReceiveConvertFrom.mpeg3"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.adobe.com | udp |
| NL | 23.72.252.163:80 | www.adobe.com | tcp |
| NL | 23.72.252.163:80 | www.adobe.com | tcp |
| NL | 23.72.252.163:443 | www.adobe.com | tcp |
| NL | 23.72.252.163:443 | www.adobe.com | tcp |
| NL | 23.72.252.163:443 | www.adobe.com | tcp |
| NL | 23.72.252.163:443 | www.adobe.com | tcp |
| NL | 23.72.252.163:443 | www.adobe.com | tcp |
| NL | 23.72.252.163:443 | www.adobe.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| FR | 95.101.134.97:443 | use.typekit.net | tcp |
| FR | 95.101.134.97:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | auth.services.adobe.com | udp |
| US | 18.238.243.3:443 | auth.services.adobe.com | tcp |
| US | 18.238.243.3:443 | auth.services.adobe.com | tcp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| FR | 23.57.80.54:443 | assets.adobedtm.com | tcp |
| FR | 23.57.80.54:443 | assets.adobedtm.com | tcp |
| FR | 95.101.134.97:443 | use.typekit.net | tcp |
| FR | 23.57.80.54:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | geo2.adobe.com | udp |
| FR | 23.57.81.34:443 | geo2.adobe.com | tcp |
| FR | 23.57.81.34:443 | geo2.adobe.com | tcp |
| FR | 95.101.134.97:443 | use.typekit.net | tcp |
| FR | 95.101.134.97:443 | use.typekit.net | tcp |
| FR | 23.57.80.54:443 | assets.adobedtm.com | tcp |
| FR | 23.57.80.54:443 | assets.adobedtm.com | tcp |
| FR | 95.101.134.97:443 | use.typekit.net | tcp |
| FR | 23.57.80.54:443 | assets.adobedtm.com | tcp |
| FR | 95.101.134.97:443 | use.typekit.net | tcp |
| FR | 23.57.80.54:443 | assets.adobedtm.com | tcp |
| FR | 95.101.134.97:443 | use.typekit.net | tcp |
| FR | 23.57.80.54:443 | assets.adobedtm.com | tcp |
Files
memory/2576-0-0x000000002F841000-0x000000002F842000-memory.dmp
memory/2576-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/2576-2-0x000000007187D000-0x0000000071888000-memory.dmp
memory/2576-14-0x000000007187D000-0x0000000071888000-memory.dmp
memory/2576-27-0x000000005FFF0000-0x0000000060000000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
| MD5 | e9646776a257094538913c147ba9c48a |
| SHA1 | de1a02d2c0c6ad6b10703bc586f34aa89af23020 |
| SHA256 | f5155e6a53c06a1bed7ab3bc5e2fd406c5d1f2c3fa922bb1ebb428a287cc992a |
| SHA512 | 7dd9677dc0f1f6e0470ee435c1ba06f796e734ded50a55c5de2f47197cdc569ad9c3cffba57adbe84459780e6fe0d9ac382ef4e25671212c83ca6d744298c54e |
memory/2576-28-0x000000007187D000-0x0000000071888000-memory.dmp
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | 0c6534dd068b511c50f9bac71b175020 |
| SHA1 | 25dfac73da9af8812c1bcb0fa2d7167ba4cc8bc5 |
| SHA256 | bfff7e6deda24751020aeabad5640973b51a874b1e5d290f901ceaa7a0a39042 |
| SHA512 | 1e90646d98beb7dd5bab0a07245befd04f224113d7fe31df1290ccb47f5909ebcb23b1c1cb262799f993b3c9b60062c9b66babdb3d7785aa54c63308dafd6f47 |
memory/2200-74-0x000000002F971000-0x000000002F972000-memory.dmp
memory/2200-75-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/2200-76-0x0000000073E9D000-0x0000000073EA8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
| MD5 | e9646776a257094538913c147ba9c48a |
| SHA1 | de1a02d2c0c6ad6b10703bc586f34aa89af23020 |
| SHA256 | f5155e6a53c06a1bed7ab3bc5e2fd406c5d1f2c3fa922bb1ebb428a287cc992a |
| SHA512 | 7dd9677dc0f1f6e0470ee435c1ba06f796e734ded50a55c5de2f47197cdc569ad9c3cffba57adbe84459780e6fe0d9ac382ef4e25671212c83ca6d744298c54e |
memory/2200-82-0x0000000073E9D000-0x0000000073EA8000-memory.dmp
memory/2200-89-0x0000000073E9D000-0x0000000073EA8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
| MD5 | afa56bb453dfe7dea83b7d7a5de901e0 |
| SHA1 | 0e37f845218f4f20de7f8612fbb3f3dcb4bbe226 |
| SHA256 | 11020ddb2b81b269ff48383642d50142ed9055b3f1c68b25c16463095305c318 |
| SHA512 | be0a5dee5223b3a3feac0630c79cca7558dcf29bae331693c02ed38174cc97156f9356e82772a2117c15d66ff3b206b8fb9c7a89174d2f056eda4291b2e08ab7 |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | 865598db8bb93cacabade96e560c54b3 |
| SHA1 | bb495bb3b9b3bf352cf266fbfa3caa3665997fc2 |
| SHA256 | 324c65ce7e04f2e73551526dae08231a35a2ed74603313e65e736e1196386134 |
| SHA512 | f21050fc30a8979f8f404e064bdebe1df5edb540190cd77aefa1cfb086dfdc4267abe54c7305c0187eec1f39cf562b150d03f03d9c97b4e9bd4168b6d6e5da2a |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | d6a779bdd55538ab9c7a43ac4e76e4c7 |
| SHA1 | 7b8b9df4f1487c57c903fe411bf388aee92e64fb |
| SHA256 | b4e9ae238a5aa1e0de20d6a73b935c29541f9e35070e81da6a3203eaed50bfeb |
| SHA512 | e36250393638acf60ab3de2df4fd48e1e0d512c66b37191866c2569c22f79392b34dcf87354794f708acc5ebe4322e5a07afb682b7a2e015a229abc2d3e63988 |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
| MD5 | 57f3d8f5bcc781fb4a36b750bdd0aeaa |
| SHA1 | e1819f851a49a59553a5c01859935c11a05ddca9 |
| SHA256 | 02e5a385198d6faa3538f414fa8c2e4859bf4e2e0ce6b922c4254f008d287f38 |
| SHA512 | 885f92ee8e1ffb2ffcef35dedf5f47c3a1e4e483e995db5fdb8e9309c009faa71ae05826de893f024d5942ff0460aae7d6390a2bb79cecf1b44cee23f1e99cd8 |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\AdobeSysFnt09.lst
| MD5 | a3e82779d757fb4faf9cc73237c18b8a |
| SHA1 | ea034b8be607b5244f71e3611aea533aba490177 |
| SHA256 | d4c9d7a37ef7b1dfa3411ff02127df69b6aab8f3e08abd8dacdaae5fb9fe0d9a |
| SHA512 | b256f6f0e2566d86188ee56c9cf0e5ad28231a92cbea8368a178347ac75fa653f964340db541bddd7c7de7f66b918f2c51a4e8243b504b475c9ac09dd760c44f |
C:\Users\Admin\AppData\Local\Temp\Cab717A.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar717D.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 741e98352291750af405b96d669f54fb |
| SHA1 | 2e1601e59f7f9f2d1d55c487f00878758421ed79 |
| SHA256 | b450ada404cd055021c4fa903544ca9b8365fd56e676c8816145176bb6379a65 |
| SHA512 | 22a5149f4c3ed3fc273a8986d0908e3caccf3fe0dc3ef8980ab83f7cf37c7ec469b5307895101cfd2af42c6c0c493f0cf42dbca16ac5f4f10fa3c9755b833fc1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e9f61ec2f53dc4f23b2db2aa813e82b |
| SHA1 | 8b978cddc3f4970dba8669ee05c3e09fd8cdd1e5 |
| SHA256 | f50b357a923a98729419c1e1af0bc8a99c71766bfabfb3f94009d3e9a3ac4e1c |
| SHA512 | 5000037a9db68530da6c28a15def275264265f045c959bb29b427aa9419011305055cb54526f3f1437cb4271036ff387c9bc10d12e8c8f821ea5c3f8ec241a21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c768adf86d18c12926a77dfef53bbef7 |
| SHA1 | 0e3ccd6c4731c2184846895728ae319cf951f59e |
| SHA256 | b624ba7b3aec755b477ab68b0ab374e42aaf5aabf417a22a09737522c8a29e99 |
| SHA512 | f8ab0facf287bc40cd01a27a50a66ae472c020f8383f8bb93dad1bcd6dab2608a8a194b1e89edfd16ad47aad87d4330402bb902fa1f8ea6590cd5a4633e3a32e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98d9c9e548eac503fe01f7c4c82c40d7 |
| SHA1 | 788168b53bea3ddc1b56ede2945b3c9efd7f74cb |
| SHA256 | 6bfcd5de8290caed0d9e24b2a500db82a9c31807f2c3179e127ec9ba5d78c587 |
| SHA512 | ce9cdb042d7dda147e2f4e2085beeb70a0de7a6e9528683d05ff56611f99dd56c3cd494b6db1ae1bcae67c8653ea7bb089f2c17924cb73c7f93f09691531cc1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b74dd1b23e0d2e81205090178b923834 |
| SHA1 | c1945f2f7e365d18c696338b7b40b907e500c8c4 |
| SHA256 | 235967a0167a275455f23a436522c58c9a48e3e46544bdf3f011bd7c4bfda16c |
| SHA512 | 4bb7ee4442d10e0fe3f09f32c0b0850e1a8995b69a507891a4863db8e72da69339ae167e5c9380ad5354525e0914b003d8a594713ffb230a90ef4dac0501108e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d144dba1a7afbe556d96752ba404e2de |
| SHA1 | 19506a8bda42c3ae749c275f59a84638dca5cbd6 |
| SHA256 | 1f6d64b2470b82cda53169ca22ed09b1a5cfc83de8dbd3c3f0f9c55c976b5a36 |
| SHA512 | 91e54e3cbaf1758653983e382b344359e73ce5056afdfd02af757f7d9fd3614996665c9ebd1a7da65a60cf22a86fb505a29b70d0c47659f8ddda221745d18aeb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec330747746ee2ba754a5a5dde49116a |
| SHA1 | f038e7474d47ec7eb1122b50804c962aeebaf3e9 |
| SHA256 | 10b25ef6c4fd59c6488e4f6303caa16573835e5eed23af873bdd660836dc1ed3 |
| SHA512 | eb7cabe8f0f483c3781d97337ab80d056f1cae44b83fde12958bc77bcd1bd630111bdbcfd1df18aa5592caa065c5d1422c3a1113b089360ae5f7a489850744fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32550dc37e161e5e187790963914b5db |
| SHA1 | fe1ca205635aeb6f22b0c17e4a28fb6e99bb6c3f |
| SHA256 | f6ea80757e8e54d008219abe6aaef5528550b15f5de8c0768d83684ace8f5056 |
| SHA512 | 5b853e3101a5bf324fface1e2049d43c18c9362766f014017fd47cba85889e51bbedf91667db02a8c2bf7b157164acdddc3b907f0a7b75234add2bff53370949 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5affb94481f9d4874e64df6b6dcf781c |
| SHA1 | 7d82cccdf5f9537ef094c01e615f4576c188e81f |
| SHA256 | 4567d74026a0d0015ec94f1f247835f332cd68176b7e9a6a4d708a5361618c91 |
| SHA512 | 3327468a1a0550426bdbccb7a1aaa30696e84c97824823e211674827e2eb859d9659422b64ae6ad4108654441abecb8ccbc80208c23287631c439db1c72a543b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e000c00b8591666be5f9f53243b422b7 |
| SHA1 | 0fb90791561e65f69bf84e7259e9abb4d05d60a1 |
| SHA256 | d1df32994626919c526f367adacedcf346d0068d86886deeb9e0e3214056fee8 |
| SHA512 | 1600a9a286897e58b88e582525180b5f7cfe50b0f952cfddb688c94bb74d06d4ab0f96f227bc4b919a38cf1d3ad509dcd1f69e6beafd2d5c21613b284b8a9fa1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c821a5e2cd9d49141a779a63645dfeb5 |
| SHA1 | 624b0fd3591542fdf21e4fa5f746834cfdd12c13 |
| SHA256 | 8c1d7453336f087f5ac2686b8722f3246cc370fd3b9118d033c0be5c18c32404 |
| SHA512 | f28a0ecff71aef17e6a5f4c559d8087f0f0722d0229ac77c6cd050b71e10971643abb54c9bed6f0e347a36a4b4e7043e095efd26e97cc535337c481273df73ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca6c7642ea3a2f026f5343adc6aa9f3f |
| SHA1 | 2cdec3f894d9baf58a759ebeeea3d91a14858340 |
| SHA256 | 6c1715b2c08afd8a26698595701e2a49c131cb40931908a353924497eea0cc54 |
| SHA512 | 95611150ab4d4ffd3dfbbe1f9fc2854f6661910971571488b016165c99261263eb58feb3392cb8809f7b5769040acb83060f091c2cea8a65a240251bd451aafa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e8ac1db1e3dc9706a7bd8cc1330a809 |
| SHA1 | dc47673dafe15a38d49ce5865f1371475195d664 |
| SHA256 | 732c52c6108ce54724236c89974fdcaf995f7164ee1bd61a168e642e3b59046c |
| SHA512 | 163b0ce4e80d3b84087942e5c90c354fb128258cbd951419d75342955b977ae6a31a51bf3ddd03f38630e9493b8ef82c26242ddfc7e352b74ac473326a13375f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e09f85a41b4e8612d3f6d0a47283f07d |
| SHA1 | 4eb7caf84b2438648634f336a63124ea8f2fb88a |
| SHA256 | c4013ddb1efc877f196519aa40fe72d22f07087fc7d1257f075745daca628c29 |
| SHA512 | c0ed3850dee3685154ff811a7bf30b34e7e65c46ccf800ee28e15eadb4825425ef675a5a18934e9bbdb6c6ec1ee146761f71f85599c731d67d5a1de28a9eeb60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eefcf0e2941e92f20a0ee181be9126b0 |
| SHA1 | 41e61b4b06ba4c204b78820af46566062b98db83 |
| SHA256 | 1facc0b64ea7d3bbc7823874b8b91e4e4698d88492623d6b74d5cf456035dec7 |
| SHA512 | efbfc646a1c33933ac93999e8664075168a27bb9488443f45157ee29cc9de178d7ffe909fd1b6f0f868864aaa076211c4c70957cef9c979b0ffc11c87d337bcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43ec66ab82d27bb9654793a32688108a |
| SHA1 | ac0459f1852288c4b75601182d651ecbcf660d9f |
| SHA256 | 6b3ad3c0b09c02b2a0c93cfba2716ab275f31ee76de2cb36bb865ecf6a0002c7 |
| SHA512 | c588cc2a24de4bd438b3423ac5fdcf981b6f3af8cf89c96cbe9290fc102dc3296e1734013caf01aae32acfd4076dd8ef56e328a314cbd8897b3f086263d22731 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80b717baeb5b1ff943a7675b92bca20f |
| SHA1 | e9aa0357a57c2991beae26c564d673c596a73a3a |
| SHA256 | 08d1a0ad50240f0fc6756731b716560c66b5c57d87ae7c6317b74f2b66144193 |
| SHA512 | 21106caab80b9c54adcdd84599f802b9be786582332cd5f52c471d79ab7a6eef7c7ceff86cdfe5b3b1f226a24dbf4c8e5f70874504b90ae667d41911b5c703d6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCB5UVUE\feds[1].js
| MD5 | 6233ac11501ad1a1719bbc47a48bf1c2 |
| SHA1 | bb6712250ceaeeade27937481b9e801e322bf7ad |
| SHA256 | d3719893c61ce1e42cfc7a5db64c4e7d0ca70e6e79a92ae11d939b6d410f3b30 |
| SHA512 | 67c22263c78ad0d2bb48a064483e1e44bcfa2bbcc3f014f6f6df04d036626be27acccf3e8e65adae3d72597ca2e2f3bedb73d3b20eef7d052802c5ba86e157f0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04G0TJCH\headIE.fp-e8a6969dfe5989bedf8c33869d1ca113[1].js
| MD5 | e8a6969dfe5989bedf8c33869d1ca113 |
| SHA1 | 66e78c855b45f13a0162f9694be6eb8f917d68a5 |
| SHA256 | d4646f0f3644ae3f5757b129e9cd096ec629ca248b41cfa25fb9c965937cfebb |
| SHA512 | afd9d6c68effd4281ccf10af9b11097f417ec661718705243060b1e8bcf92935501a934d244bd825f0b7db4ca985e3afc10f90e6556282fe621db42fd2f5e874 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCB5UVUE\headPolyfills.fp-23a8eaa3e17b58312f2e9f6334f26b45[1].js
| MD5 | 23a8eaa3e17b58312f2e9f6334f26b45 |
| SHA1 | f5051941752eda187767b962da092b8595c7dedc |
| SHA256 | 4ff5952e522855198d43f03af9fc60e895770d9a200e0d68f1cdb8eff24be6a6 |
| SHA512 | a652a9300b750e182fecb5328ab93fcb4de5bb6a97c8c73fca56e1565d5febb2323b3fefbb53eae163c3c324433aaa12bbdbd02a9b5e60462f631abd1a030d45 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04G0TJCH\main.standard.min[2].js
| MD5 | 6160e5b998841b43fa0486b52e2d47bd |
| SHA1 | f02883f1f521446dfe087d0588aefd92341c0a7b |
| SHA256 | 77400bce2c2fceacf883f1d7b717de61c4a4b2c339c715a631e7b1a2e7e8b9ee |
| SHA512 | 9535e251e9228d6c5f493f645c844845eba9fe4d11b80cd3969d43f7fe85cdbbed0df1ca2e57551c49d815db6ddce56ec14f6a1de85fd67c3d3d9595ad34cc6a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IOZ64VQ\head.fp-f235d30c5d9c105e2f8a238c94a4e5b5[1].js
| MD5 | f235d30c5d9c105e2f8a238c94a4e5b5 |
| SHA1 | 52405ee07a6b31229442661aeccd9af8e3cbb461 |
| SHA256 | fdfaa035982a48262a80f69a1541d2c3502ee324682272c190e838721c318f56 |
| SHA512 | a573f933b03921c98fe5749006b8c04204e23d14455e9e8570fd2bf18d79dff4ce5ad2efbbbecfb70fc27fadc8fa64404c1072bc67e63c7ef438902c840cd8c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8fa7fd51f9c7fab65294bf892d48df64 |
| SHA1 | a4627e5288eaf9a21cd20b4ac282c9124ea6a6be |
| SHA256 | f0d027a6c3ae4edad8d4a397194464511d09136c490326dab3cf0b1e9a980e05 |
| SHA512 | 2f5f14992a62edee7a247421475f86f3c35d16d196025d5131d8f31fd05f26710471ff6705b50042847c85586806a23796ea17c70a86f66e8f1d412a0b8713c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77265f4d96d21cadba892eef646c2315 |
| SHA1 | d164a74170ea1c167f66cfcb324c28814298f6de |
| SHA256 | 08a1973a94091d17be5e7e20cca1e09af5c1f583caa2fd3c750a03ca0b6ff313 |
| SHA512 | e780fe6971e042c2c123df9e835f486348c0b76abe08586e394d2013f66dd3bbb0d85ee484eee59dbcff75da74378c6c60617b631e5e7b2e5607044a6ace752a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43f7fa79f60f09d4ad26ffb4bce8ba50 |
| SHA1 | 569d29b272525709a153afe7d70e0cad45974b9d |
| SHA256 | 5d0e87de977d7544667d19b20da4174c96e14af43840a86bec13808d0d2cc9ca |
| SHA512 | 5789373466bfba990465f83e08afa5323e00f1d2473e3ce7351adec06ff6da34bda74568696f574671ee31428d13ac2ac68acb068a3bb384ee354d5ec32f8e76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c207dd4d3a83080d346b408c6cd8339 |
| SHA1 | 05a64efe8e74a5d2c1c6df6078fefa14b57343ad |
| SHA256 | cb408a904ce678393ffcae7f7921f11990ffa1bb63757d40afc205d3aacfb829 |
| SHA512 | faabd2e7f1e1fd7785c1777ac1db5d10c21bfc5a3755e075a752075e32afcd3623fa1053459a58f33e2670c5ebef31754e265c0c961d631376e136384db66ee5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 745793ac3f8ca1b345b376cdf5014219 |
| SHA1 | 3e4baffef2aaa677a31206e09380cfc641f579de |
| SHA256 | f023aca547df092ff9131401ac8e1227eef99492705bd9042226074f4fc6e8c7 |
| SHA512 | 591c4e2ccb2e7df632dc5d33b853c79f8e1c5dd5ee45bc04f619b8be197321f9b066740c5129debb444a39e7553b4367fb9f4bf623d0f985e55566691cfdc13c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88a92b8111b57c289c94cf63b231f3f2 |
| SHA1 | df1cf11aa441a81dcee6dfef2393cfb1f88f76e3 |
| SHA256 | cb01d64d838c99ecea2fbaf636612293efac0dfdfd04610dcdd7eba69fe6bbf4 |
| SHA512 | 36a3e0feffd8edf1ad540a6a88ea37da02dd4c9de20e50b044bdcff96dca87f88a1c897565a548631cbacd37c372763a086344190ecefb21a64e2dd4cbedfbbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 521e23f74bacad1ab8fc2afae9ecf710 |
| SHA1 | a41c5658f98a7e64481a6a38ecaed157899720ef |
| SHA256 | 70eca031c5652983cec7820ba4c53541754a5bd856aae8289a50ad8e766d59d7 |
| SHA512 | 246e33a9878719965ae48a98048f2cf36bc2e2d1070f966faaee9bf37a8bf1cc3737bad714bdd2e7f69fa08d9c11b16f119f3a102a089ddb5d04c2ffb60a0bce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3d9100695b4bc2c04d53439a1f0c950 |
| SHA1 | 3ea390e8b0b901d681dec7b6bf163ee85f516f3f |
| SHA256 | 271e1c2a488e3e0efd079a1b71578a6694c86b52c6c847198768ec49b2d18677 |
| SHA512 | f15a49c5fefc0c2fba37c894bb65d0a38c7ee826ac5c41abdb705a914118b197d964babec278e462c2a4cf667cc9c4460525e5d1b3b77269b9f128d2210ef7a6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1ZD8WV6\publish.combined.fp-30eb7fbf1a18a0a2d7111ab3ad12edab[1].js
| MD5 | 30eb7fbf1a18a0a2d7111ab3ad12edab |
| SHA1 | cf389a0e9c9c82a14a94b19d098cf1bd8be649ae |
| SHA256 | 70ee17e11b13a8966dead9cd98cb1d67628acc0f011934c36f7cde780fd30daf |
| SHA512 | 8153316381f282aa283273787871c60535a8bcf20864b2307d2bc75d83cd3993093f93370c0acda1451da1c2d541fbf4969d98befa9cd31937757f47633c7224 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IOZ64VQ\commerce.fp-4d3664284bc1f1d7844739a4f83f16f2[1].js
| MD5 | 4d3664284bc1f1d7844739a4f83f16f2 |
| SHA1 | 6f39968be52d27265d336605cc7e2deed2d3fe70 |
| SHA256 | 7e96c8962e6ba7661da45eb2f6b44e91e1148833e927ab70242fffad7128385f |
| SHA512 | 0c29263c31723f46ccbe162e14f94e8b326b6e19ebb9da7a4c746d794eb51c1d0aa194bae64deac0b6d25fb994c336870d82b854eda638b4ec4c4b408827a6d6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IOZ64VQ\themethree.fp-041f03cf8fcb58244963649203146aa7[1].css
| MD5 | 041f03cf8fcb58244963649203146aa7 |
| SHA1 | 18362bcb7a4136075bb1617b27f3318acccf4912 |
| SHA256 | 9de10172c1043e0b4e0fdf8b242daf8362cb45ffc39efa3188ec8a3f18ee28cb |
| SHA512 | dd7cad044a08d587b0b51d9fdcfed220cf1936c1c01be2e7ccbd117acda864715eb740e4962b15979e665420d369b4d1f162223779d40e41d919ea6def3036a4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1ZD8WV6\publish.combined.fp-ebde96dd3514a4937a5c5fe0b2f1f17e[1].css
| MD5 | ebde96dd3514a4937a5c5fe0b2f1f17e |
| SHA1 | a67bb70b2c37a8d9155ba3e928da669961bb5260 |
| SHA256 | 0f123aa738f509e55dd6bcd178c7b4b5438b8c1f6df6a28bf7e2ed8d03bd35cc |
| SHA512 | dbba7221db1336c7b22a7f4d660436c6aa60791093cb1a23664c4a91f4811c8a0656cffb9ed6a0db40dd2e8c6d79d32c41fd51b9f95870879f11abeebb3ed050 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCB5UVUE\imslib.min[1].js
| MD5 | 9ae016db11862befb1bb98d894829b5e |
| SHA1 | adf55e44ccbc370ae6f4b67f46765fa2b09fb1a3 |
| SHA256 | a2a36f4c0cd39f1082cc50e63ee76ef3c536d5d471c6642c44c9bfeaf73e84ec |
| SHA512 | 111ccc9a64264332573db4dfd2a85bb101a74aec11b8f0aa0d5eb795539c611751d083a0965771c780ed02afe65bd000ba5dc917b4be5e2383e2451abe8f4273 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IOZ64VQ\commerce.fp-f2b3948abab366f4204973c474b0fa60[1].css
| MD5 | f2b3948abab366f4204973c474b0fa60 |
| SHA1 | 84943f7a8092c658d3726a08ad73a17641e695d4 |
| SHA256 | 150a1ab02e572a2bcbe57d4f55e797f67a14b4706de53b5269f6dcdcb778a903 |
| SHA512 | 2a6091f0b218ed7ada23c307a60958e8738ac4f46f1487471ffbbe4035309a834ffc59c8eac43442c2d429d0946d385e5c8c95bc7ef361005fe2e72d7915776a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ce4013c2da195d9d4a8bb09953f7a24 |
| SHA1 | 91a36a51fe2c9501072c0e0e77eedc967868fffd |
| SHA256 | e260e966fbc3a5a91a11d3dfcf00c888bd2408890ebdeafcb68fabbb4deb0dc6 |
| SHA512 | edc48fe6830584e7f5123af92d9a5f3670b7359965b1b46163e8af4d45f85434f83ccc1ebd22376cebc25d3999de26241d23d2855d6139e430561663ddfa768a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5fae0ea39c02ae76d502e866728c85d |
| SHA1 | 805053436887ea20beffddf12c3e380871334e11 |
| SHA256 | 3b464e4c8521fa68079f479e5982c9fdbbe29f9cd4d60696b06b7aa9ab114759 |
| SHA512 | de527f89316e7ed7e967683e901d845d5a8bd7afcda2ebd6f1b9105ff1a6945c5667d209c13e9ce36219f93832719d582f5cba494dbfdb47e3b3cf47433fdfde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bdcd81d71c4e5fb4bca117758db6b19 |
| SHA1 | 706268d0f57300d37e95f02d70f409946d4286f3 |
| SHA256 | d3f19879da006add7181264691346ffd00d7661c6141261dffc68543e065326c |
| SHA512 | 05ba4b2f922e44a5cc9fb126d4d57a1de767dcd779ada103bded946a3ff96f0ae26c393321155916c5008b8e462066cb6b3e2a065bc440fffc374796a606c340 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1ZD8WV6\acrobat[1].svg
| MD5 | 325c8a2984f01a66681f42d5c7480dda |
| SHA1 | 5985d9bea1fe85a2ac2787231c919893e2ad2e3b |
| SHA256 | d1e12c899e29f48adf45b0e2dabdc1c3eea604ccc833701f8590e8116efc19b1 |
| SHA512 | af476346c9cc67746c4f78a657e75e896ac8a561d174ec2123d1295885ddf1fc5264b1b96529802fcc5acbf2b2417d6cd4877e39988ef293e8353ccd2ef93fab |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1ZD8WV6\photoshop[1].svg
| MD5 | 8ca8f89d1be259c6426e2b49efa0754a |
| SHA1 | ea8f4a123d347cb904048f42b4eb1358914b1303 |
| SHA256 | 4e8a55358541d6acf03c0a25b1f708e1378093c7b79e331200ea23997071e127 |
| SHA512 | 2adb286a6e1aa146c7ca0a4d747c43d9712ff87587b790603a997dc9edc5689f43a0e94832e2eff86ee1ec6184569152478faa8884c1dce27ca3ffaa0f228b2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f8e4b513d6224295561ba7f18d67638 |
| SHA1 | f972ff32b42899b30f450ba2db30312bf4dece1f |
| SHA256 | 91da0f805e8adb91f75b73db1cbc447858cb8534b86a976b619b8b0ec45c47a1 |
| SHA512 | bdb543015267c371eedcdf309346ae1830bd465081f08286ab5df9ec69b7f0029e28dc296c2b008c68d73219fd57a6f3f4d96e25dc3b92fae7918da03bd793b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10fe336e16d2f72207e0efffba59dc1a |
| SHA1 | 224e4920446a1975195ba4061bda16d33c36b4f1 |
| SHA256 | 6687e36e9c6c7ff192ae84b24157c88fe3f5e11d4df9a43222fa384ac813f226 |
| SHA512 | 4dae7f9550b7b19aab1df178278daaf3089fae7131d25ca3d5de458f4fc8deb2bb849380ec63fb525900c5fce4d35bbcb3a774ad30504c46a612817ebdcbb67a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d4f7652fd9865a4a2e3240e79ada4c3 |
| SHA1 | a8805940e53101d884eb3f9c80fecd6e830eef55 |
| SHA256 | 2f17f6fea4643811831b06cd219aadabf79cf0945bdb48f9a21db17a24e4a0bf |
| SHA512 | 511217da13e5fbc30649341c9ac9745752b80350f646b23772d0222575480af4dac96c688ea192ae0d58bbaf02465e6ebfeb0c0cfce5f96c23814a8221c8ec85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d33ec44460ca781ba135f35abfda6ae8 |
| SHA1 | 65eca4a336d353360583e872a3c91f704e4077fb |
| SHA256 | 93ef03a48c28f28a1e250dfa0f27c3b8c134549258cbf6017bd2dc7533b845b9 |
| SHA512 | df660a3d6916310933df59f265839cb8fbb711398163fa2096195b371c411f3ffe92c72bb606c1cd41cb959d7f531ea0135bea3024a7401d91647c1dc65bc49f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cce064ef939ab5d02b9577627cf34bce |
| SHA1 | 04e6ed31216fe22926d8331c8a015724dee16edf |
| SHA256 | df7415539b2f76795506df7fa4b12d45d3ae87b3085acb1f948fc4066699512d |
| SHA512 | 78a449fe1a25d66281933b5a8ab63294f5f7a4bc1b4d26f9a0fa6d5fb99b29f94c7616b72793e1bc45f703680177ac8bd4354aaefc9f7f701d4e2582b9206a15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d58c6ff2d981626d52a76bc9943bfdf7 |
| SHA1 | cd65ee42e49fbc7e8e4c93a57ec8e9df4b6c642d |
| SHA256 | 0f1659c54af8492e8d88824fc2cf6f72a527b45aafc8e32b1f1e7d56c5660cfa |
| SHA512 | 0c0bea9961d64b351a613ff893bdc1a89cc76f8897115b750fada8c2cd05d033e5fd4e475371bf0864a8a13230f4bf6a47c6aaad16763fd8cce6aa3ed67e646e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0df822a6f1c6dd79afa12932de39fe6a |
| SHA1 | 5aed29487382f72aa788c9fdd1c706d54f3d6151 |
| SHA256 | 530a226773516064b5591fcfced969de6f7d8b5fcd9cdd7de8886db36b12344a |
| SHA512 | 9fa102c4e1fa542a49ff508266473c6bfd070a51c3a84604e28eab420b9291979d71e9755f36743bde18b7e3ecbb7fad0c3a1107a7dc7c89b6d50837390dd520 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39776a8628f83202a503994578c8152c |
| SHA1 | 381ce33a37e9e78548455704584587b2352489a0 |
| SHA256 | 4cdbd6807399ff06a0f4ec26e5b2d1b5ced40ce06c0a221ecc5c78f861e95388 |
| SHA512 | 9b8ea1f1ce38d04f928e1d9bf4f5b134047c452cca784c02010fbf58d38723f60b1abd48fe2eb78814b82946d75a6770228e999c698bf4a854515134c75c5a08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10bfeb050ebf2fd5829fa5be94388924 |
| SHA1 | 2d21fb78c5d4b2d4c47a31902f4bb6260644a191 |
| SHA256 | 6c853701dc2b40abf07d4f824e0651751cda88a0124672b50ed876b3d2404268 |
| SHA512 | ce1331afcfd41d5072a31dd6219ed7a32d5217944834af19d47bf8060ca816cf82366cc3301cdb43082ebe588c67fe32bb7e06db5cca7499266baf4fad7bac1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 694c1f67ffc75075273fd059a4ab8e89 |
| SHA1 | 78ee7382c96927fb67b3788d4029e3d55d9b9629 |
| SHA256 | f95d0f207d3b4712ed657f79672f61ca5e7857f6a56333593086d97e811c3721 |
| SHA512 | c5a5ccc0b7b4ae9594196046c38dce05360ca924a7a97f7589c365a3371034c30adebf31af8103a53713af8a8b8aa529f7c6487e5d8d8f8bfd4a955e4d523d3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07f26af92f4492ad31462a1077fb8803 |
| SHA1 | 5c666ed551787aad4a3c979d3b53242282fcdc13 |
| SHA256 | 6c8822d99f9d0b1e303e90663b4650436c14b9e1e3c7b34398f08a5f8d2986e4 |
| SHA512 | b8059ac8905d3b24e4a6a8911098461ff4de08d53215b069b06d36eb231e4b514b969f4e3dac04e1c4c40cfdd39d7656f7d94b87572d84aa0cbbcfec988f7711 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ea925a693a6a0b065265dce8f25ca5a |
| SHA1 | 59ae3265c4e626e3680243bc1fbdf40c8e21c1c1 |
| SHA256 | 2a099d2e5b3df913396191f70cdd43be1b59fc25438a82500c0d60404387caf3 |
| SHA512 | f32c1adaa39eb9652220a42a4af96e9330c16a3bdd0853c70e0417e7eec71aa95c3fff73357b44251322ad4e5d99366834fab4d5f0975f4555e969f25b2b2ecb |
C:\Users\Admin\AppData\Local\Temp\~DFA979DFA66A798F13.TMP
| MD5 | 4174c407ca0145b09f115a7f0557815c |
| SHA1 | c349161c66a10dad804d9093a25c4c0e44e79940 |
| SHA256 | ee92c7d2d70f34a7431a6646e6ee7aafa7a3dd1610b80568c29d926f6626e9ee |
| SHA512 | a0a09bb775821a59450ec75119fdb1cc88a64321a49766162db0ddfe0c010129429dd8c968f14bdabe48db8604ee01b6acfd3f1b8b42cae767407a01f193ad4d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{484EE704-6CF2-11EE-BACD-7200988DF339}.dat
| MD5 | eb12ee0bb387ea90130a27dd6e98680b |
| SHA1 | 1db29d17227691c3184cdc9b8b0b4ad11ab588d3 |
| SHA256 | fbcb7682f0b3c58f9ed3df3792afd04e87e940da70f449a7763abd6ae3491108 |
| SHA512 | e3a517131c7c52ab5fabf39070998fced3e28add91b8aaaf1c9054e4c58590694bec704ffb4ebf92db91a12ae12d31593b9e5c8cd31cd0c170e14c63581b0d74 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{07765EA0-4869-11EE-BEE3-62B3D3F2749B}.dat
| MD5 | 512053dfd274782cd63adcc6331c392c |
| SHA1 | f09f406c3e1eaeebb89679c922f1631d4f1442c3 |
| SHA256 | 6ed98a10a88398287f3d06d692d97682deb018fc3c23d8247a5e583c67289907 |
| SHA512 | af80143257bf933de8515258a1ddcedf244dd7ff948894c3ae9f46faebebaa0043d5c91c6811fb3e2695a8b1b57f8f7094b6ae80f45e7e9f4c5a3c9c280c9da4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ea925a693a6a0b065265dce8f25ca5a |
| SHA1 | 59ae3265c4e626e3680243bc1fbdf40c8e21c1c1 |
| SHA256 | 2a099d2e5b3df913396191f70cdd43be1b59fc25438a82500c0d60404387caf3 |
| SHA512 | f32c1adaa39eb9652220a42a4af96e9330c16a3bdd0853c70e0417e7eec71aa95c3fff73357b44251322ad4e5d99366834fab4d5f0975f4555e969f25b2b2ecb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7993146630b337592ed20d8f87e5f992 |
| SHA1 | 063b75cef37bcb95ff862cae6cf840679afdbe67 |
| SHA256 | 16ccc5ffdfdf072965a1f9223a51c8a24e2b4c6b6aef5a95fbaab661fbc8cbd0 |
| SHA512 | fcd7ea8fffa1047afd76bcc55a6d83b8d787265363d45ef5a93272ebb5c31c9885804f9d7a0e5af00a30a51864ee4aaa48b91eaa2df0b20a0f7f453b9b26a307 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e45891a22fcf7a79f195e13ac3f3317c |
| SHA1 | 4b360d2feef4359188ab902242d4c0ad62fcaf2d |
| SHA256 | bb5f092789092294d69f96bcfaccd359f5b8ddf53fd315870a7c11586a7d1899 |
| SHA512 | 6990b1de422f759473d7709457baa2a6b76706c001b214c5822fe918ff755cc6657561c01f662d7805adaf3c58de0742dc7be952c77b0b44e63e14752561a1fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ece3763703e6287ffb7655ad71bf540 |
| SHA1 | 8d4269ce8524bf4744b16f594c76897c62235c59 |
| SHA256 | c93d4e5961282b4d5fc2d2f9cebff1ae6fc85f8e88e99d4e43438f45be151c1c |
| SHA512 | 370da2d61c7a4316c9621082ee4a4dc7df957795933da4faf1d00e792aa64cd7dcbf90a92d94188591264550b49cb58a85693a5ea03df2fbc6bd7f3bf52ae076 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5332b8e1e3447bbc00cfa4acee80c34d |
| SHA1 | 883c8e71d50695372b1d97b8360b4804897ffbfe |
| SHA256 | 199b0b80274229d1593f288c1ebe89124f70cade26b6c2027090beb978f8e8cb |
| SHA512 | 8ba4f741247dd2a491f14c103b1f4c29891b7c3080f2f0c43717fbbef065288805e5b210bba29802a9107c429c119498d800f142fd14652c73279fe2e1c418c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59961fd5aa52c19800c27b10e386d130 |
| SHA1 | c094c95ccf768f65b835ef6d74afc4a9801a5bea |
| SHA256 | 69436744bef24585b6e2b06408da6e07239197c147d25a4a0f89035f996e2c3f |
| SHA512 | c4f78a60aab24f5ff18387a17c3e4bc7d1f78329e0fcf3189e14ecc00364ddf06205fc5b7d768d3c63111a650102268e6026643286dbdcb08cc74d7c0988c068 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3c107106acc91b1f566dcd4a15c9a8c |
| SHA1 | 657f8d786d5562506092c0bd878b4d9ba067f5b2 |
| SHA256 | f4a64b585c2d9f459bc8440257bc117ffdaca9f0ad7c8c4e6c3988f7b5dbdae7 |
| SHA512 | a5e606efac7993305dcac66be984ed88709e482cf8c6e16f8a92a9d03a71b4663419a1fdb540ee2ae4a2a3d446159db10471edddd63e7f2ef381b2f071bd13e8 |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4934881e61757b78c5b9f68b3c5c7d73 |
| SHA1 | acd42278f621ec3d46a7f8530bf872ed49ca2335 |
| SHA256 | b9d0193dfde7b69f68b9c47da3da1d7b2c3c5938f7087f26b39470a2445d44dc |
| SHA512 | c2ae3d1e5c9d950e4f7a1ffb58351ab7d065745bb222856e85440a5d24206673c2b28677949b387f5245f6a4e62953dc1d629cb7f1c5546e86212bc96b28b282 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbc414534a46257003ff5a0e49593f32 |
| SHA1 | dd3e72e163f3f8529775f91586f2a33e0c17a53a |
| SHA256 | dca8eb7af3dde5c1bcc20aeaf12a3815b3d1e3000226504efaf31f3500a40b05 |
| SHA512 | 2366c73511d5ca65bce9ef609babeb6245b466ab497cd3bdbd56c5c6736ae2513de86b1a06321fb99d6b5afa5582ea50ebbdfac63420d5b32bee0c7286933783 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0225578a8768f5d15c24db1d07cb41e7 |
| SHA1 | 8dae13e2d244c9ea76ec2d38ab8af710a4ed2262 |
| SHA256 | b80811ed378876c045533626a53e486b147640ee9f9847fe5cb300ca0985e936 |
| SHA512 | 29babe36c5dc1fc178c0c687a650e0db81b1a4671a93d4e29c99978e6f9e42adceab6c8d9e93ad0460c0c141671201005bfe8e06aeed0a90ea774fedd4e21e4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae34e305836353c6e0674836afcbcce9 |
| SHA1 | 1a02acc4d36fa4fd50efb4031ec5f537fd4450a7 |
| SHA256 | 65787fe462f0fca05dd64503f5027ccceb8ddcf6c086e79d7b20944bdc7332df |
| SHA512 | f5dfce54ca18d99a6bd677b3cbfb868d586e565611cd0bf82c8a78e72573c587b4c0d612a4abb2a46eb76e1f566aedfbc7b874661dec5ec9da383d37ef6bcc9b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{52124AC4-6CF2-11EE-BACD-7200988DF339}.dat
| MD5 | e923f9dc91f1bf8b9bcc21ddcc6eaac9 |
| SHA1 | 98910dbdcaa9359aa2d0ad9aefc39b8ce2d1f92b |
| SHA256 | 555b0cb8ea1ce669a4cc03c04ae8d082847b7d1431559d1b82b34b83c0f1c062 |
| SHA512 | 4ddc1e0f9dcc9198dcca2b4aaab0b97a0619c1a99e6ae4b549d5e10c167d6d007b175f6643101fe0df6216a42410936c6e96c436d74da5d2ec9907252f596e86 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{07765EA0-4869-11EE-BEE3-62B3D3F2749B}.dat
| MD5 | f37ac0c86521562e5204318f636bc2ce |
| SHA1 | 7dbf756d33e71c37cf788566998b1312ba2f0a7c |
| SHA256 | e37881305d926b3b2c8f28bcc67a0d6c0ef9b1be26d1c0cd7e58acd1811a0f02 |
| SHA512 | ab1f33cf22717fcfba12843164954b3cfe40203ed5f9ac32c4ba31a0d8f1e166a3a8f70d143b799ce40f7a21aae994fc27f16971978d0c69833b769e1b37321e |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1016-2999-0x000000002FE31000-0x000000002FE32000-memory.dmp
memory/1016-3001-0x000000007187D000-0x0000000071888000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 9ae0ddd1b4df0f4bf4e8129acd90050d |
| SHA1 | 55496f67d278738c51529944d54b7916a1dddbbb |
| SHA256 | 6f387a7452459b3649c100cb135122dd7dce042fcd67332687032e102af928be |
| SHA512 | 842a910dca87aaf7b22282800e19641e9d1b89f2b0107359a22c0d0eb928734f30f4931c9c2c833dd4aef5f6eac49b73e26a16aace110f090eb6be44ca51225c |
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0002.doc
| MD5 | 55dc7a414ce78d2c6ca4616d453e832b |
| SHA1 | b8f162349519b070d963721bee1f6d1cfde88218 |
| SHA256 | 6eb2f1c19fe9ee838b4a5b3907116cf3e3e111dee0e00c75a46097ee195959d5 |
| SHA512 | dc935fbbe8cb48bbfb4ac97b7c90d70fae83581caf516bcfd2f8666caf211a194d6ecc868874be7f6df099ffa0b13fff41ea20975017ce2309ab6bff018782c1 |
memory/1016-3035-0x000000007187D000-0x0000000071888000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win7-20230831-en
Max time kernel
122s
Max time network
130s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.ComponentModel.Primitives.dll",#1
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win7-20230831-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Console.dll",#1
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win10v2004-20230915-en
Max time kernel
217s
Max time network
262s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Data.Common.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.22.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:44
Platform
win10v2004-20230915-en
Max time kernel
137s
Max time network
252s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.Tools.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.208.253.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.22.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:40
Platform
win10v2004-20230915-en
Max time kernel
130s
Max time network
310s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Collections.NonGeneric.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win10v2004-20230915-en
Max time kernel
122s
Max time network
307s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Collections.Specialized.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win7-20230831-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Data.Common.dll",#1
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:45
Platform
win7-20230831-en
Max time kernel
283s
Max time network
319s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.Contracts.dll",#1
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:43
Platform
win7-20230831-en
Max time kernel
120s
Max time network
129s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.StackTrace.dll",#1
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:43
Platform
win7-20230831-en
Max time kernel
119s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.TextWriterTraceListener.dll",#1
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win7-20230831-en
Max time kernel
286s
Max time network
318s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Collections.dll",#1
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:41
Platform
win7-20230831-en
Max time kernel
312s
Max time network
319s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.ComponentModel.dll",#1
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win7-20230831-en
Max time kernel
294s
Max time network
320s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.Process.dll",#1
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:43
Platform
win10v2004-20230915-en
Max time kernel
273s
Max time network
281s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.TextWriterTraceListener.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win7-20230831-en
Max time kernel
304s
Max time network
318s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.Debug.dll",#1
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:42
Platform
win10v2004-20230915-en
Max time kernel
263s
Max time network
272s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.Process.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.98.74.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2023-10-17 13:32
Reported
2023-10-17 13:45
Platform
win7-20230831-en
Max time kernel
359s
Max time network
402s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Venom 5 HVNC RAT v5.0.4\System.Diagnostics.Tools.dll",#1