Malware Analysis Report

2024-10-10 10:32

Sample ID 231104-xqlpksdb7w
Target Venom5-HVNC-Rat.rar
SHA256 883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97
Tags
agilenet rat asyncrat arrowrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97

Threat Level: Known bad

The file Venom5-HVNC-Rat.rar was found to be: Known bad.

Malicious Activity Summary

agilenet rat asyncrat arrowrat

AsyncRat

Asyncrat family

Async RAT payload

Arrowrat family

Async RAT payload

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-04 19:03

Signatures

Arrowrat family

arrowrat

Async RAT payload

rat

Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Obfuscated with Agile.Net obfuscator

agilenet

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-04 19:03

Reported

2023-11-04 19:34

Platform

win7-20231025-en

Max time kernel

1807s

Max time network

1818s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat.rar

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2168 wrote to memory of 2464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 2168 wrote to memory of 2464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 2168 wrote to memory of 2464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat.rar

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat.rar

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-04 19:03

Reported

2023-11-04 19:34

Platform

win10-20231020-en

Max time kernel

1802s

Max time network

1588s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat.rar

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VenomRAT_HVNC.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\VenomRAT_HVNC.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "14" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "864" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "755" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "376" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5af933cd510fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000939bffe30bd8330cbdbe0b29d43696df434a70ecef9b65edf8022b09dcb95a5a3bd1fb3710d777af83e1154c2e5a0ce135ac3d9d04a5c6e352ea C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "376" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "862" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 056c0bc5510fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1233f1c4510fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 049331c5510fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "124" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "782" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "865" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 507e1a2a840fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "864" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b16fcdc4510fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 856f19c8510fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3856 wrote to memory of 3536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3856 wrote to memory of 3536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3856 wrote to memory of 3536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3856 wrote to memory of 2256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3856 wrote to memory of 3536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3856 wrote to memory of 3536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3856 wrote to memory of 3536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3856 wrote to memory of 3536 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat.rar"

C:\Users\Admin\Desktop\VenomRAT_HVNC.exe

"C:\Users\Admin\Desktop\VenomRAT_HVNC.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (8 instances with this command line)

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\VenomRAT_HVNC.exe"

C:\Users\Admin\Desktop\VenomRAT_HVNC.exe (second instance)

"C:\Users\Admin\Desktop\VenomRAT_HVNC.exe"

Network


Files

C:\Users\Admin\Desktop\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net35\Vestris.ResourceLib.xml

MD5 5d2dee455b4003b6624b6dd890edb279
SHA1 4cdb025c8c5935bfc49871fca80fc4a346acd579
SHA256 02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6
SHA512 90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

C:\Users\Admin\Desktop\VenomRAT_HVNC.exe

MD5 5384c0396589430eeb3d1a2e05703e9a
SHA1 20da44da7639bbef2f6b5bfc21df7474cd1109af
SHA256 b4250aff983f1f588593baed1adb4797e6c1ab6225595ebd013b50348a57a459
SHA512 9bf613ee62b0e56af500dd88f572b2221ad6df63b0b4c0dcb0ef763efcebeac633a95f10dfce90f6cff038df2810681dd55dcdd272eb9f907c670cc2e4f7363a

C:\Users\Admin\Desktop\VenomRAT_HVNC.exe

MD5 5384c0396589430eeb3d1a2e05703e9a
SHA1 20da44da7639bbef2f6b5bfc21df7474cd1109af
SHA256 b4250aff983f1f588593baed1adb4797e6c1ab6225595ebd013b50348a57a459
SHA512 9bf613ee62b0e56af500dd88f572b2221ad6df63b0b4c0dcb0ef763efcebeac633a95f10dfce90f6cff038df2810681dd55dcdd272eb9f907c670cc2e4f7363a

C:\Users\Admin\Desktop\VenomRAT_HVNC.exe.config

MD5 fa21c166232c3b29f8d2d14557490c9c
SHA1 2cb1a7d4a204fc03bd6bd15aa9f431f3445a08de
SHA256 5c939c46f9d81cb75180c897feb5044176ed44cd0d51e076149bd82425e4ef44
SHA512 cca1dd276a093b62845e5a7652e778d07200b7158cb05a2b44e11e69ce8bc78020eeeb29d55a87a6b87a3fcc25b2883175850467002388a811abfe9945d58fd9

memory/880-305-0x0000027174020000-0x0000027174030000-memory.dmp

memory/880-321-0x0000027174840000-0x0000027174850000-memory.dmp

memory/880-340-0x0000027179820000-0x0000027179822000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 ed483e4ff1c7800e6411fc67e7b340e6
SHA1 22d7f07b65c28f01e10ce587d8bbbabe08946b31
SHA256 e9f3e8e39aafea14c382f25702a34a0be241fd6176447ce1825d77e3a7b0c56e
SHA512 0f03c84c1afc560f4cee704badabea7678980d5b064b223ebbf928aa693fdbac0d51999a510103c19e171258da4f18e69bd63d57b910c3e40116d0b09eb20008

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 ed483e4ff1c7800e6411fc67e7b340e6
SHA1 22d7f07b65c28f01e10ce587d8bbbabe08946b31
SHA256 e9f3e8e39aafea14c382f25702a34a0be241fd6176447ce1825d77e3a7b0c56e
SHA512 0f03c84c1afc560f4cee704badabea7678980d5b064b223ebbf928aa693fdbac0d51999a510103c19e171258da4f18e69bd63d57b910c3e40116d0b09eb20008

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 ed483e4ff1c7800e6411fc67e7b340e6
SHA1 22d7f07b65c28f01e10ce587d8bbbabe08946b31
SHA256 e9f3e8e39aafea14c382f25702a34a0be241fd6176447ce1825d77e3a7b0c56e
SHA512 0f03c84c1afc560f4cee704badabea7678980d5b064b223ebbf928aa693fdbac0d51999a510103c19e171258da4f18e69bd63d57b910c3e40116d0b09eb20008

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 8262786b4ec8108bec7e9f9b0da5ffc0
SHA1 22b15a618c8da4a9984f805c3b4bac9cc163b84b
SHA256 915989beb9e1e18509b8099062787906c1cd7d383020d0704495e87174a925bb
SHA512 f3faad14c1a5169edf2683bc3c47ce6bce12fd6f039c992e8d303dbc834a2accfeaaf82a5c3d62656270e1de06642ccfd24484c9c59b6cf73e5c77d37f0f66e5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 f256de8ec27d0fdbd34041f25e1d27b1
SHA1 333186c86a922c4945675d8a8cd6602e66196181
SHA256 b37192dff23edc2ddd3818e9d9661a00578f8526b6022eea6ee8405c7df22173
SHA512 4a59f0e0a2f85bc283a6da757092cab84606454c66809ee19f464369300789bb7cea10a33847229ea57f9765ea829e86cd45b865ffc61bf680675e9512b8ae73

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 8262786b4ec8108bec7e9f9b0da5ffc0
SHA1 22b15a618c8da4a9984f805c3b4bac9cc163b84b
SHA256 915989beb9e1e18509b8099062787906c1cd7d383020d0704495e87174a925bb
SHA512 f3faad14c1a5169edf2683bc3c47ce6bce12fd6f039c992e8d303dbc834a2accfeaaf82a5c3d62656270e1de06642ccfd24484c9c59b6cf73e5c77d37f0f66e5

C:\Users\Admin\Desktop\VenomRAT_HVNC.exe

MD5 5384c0396589430eeb3d1a2e05703e9a
SHA1 20da44da7639bbef2f6b5bfc21df7474cd1109af
SHA256 b4250aff983f1f588593baed1adb4797e6c1ab6225595ebd013b50348a57a459
SHA512 9bf613ee62b0e56af500dd88f572b2221ad6df63b0b4c0dcb0ef763efcebeac633a95f10dfce90f6cff038df2810681dd55dcdd272eb9f907c670cc2e4f7363a

memory/3536-379-0x0000023722440000-0x0000023722442000-memory.dmp

memory/3536-382-0x0000023722490000-0x0000023722492000-memory.dmp

memory/3536-384-0x00000237224B0000-0x00000237224B2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NZ4MYWJC\74-888e54[1].css

MD5 21d2e4bc29cc9ba690164f896a04c2f3
SHA1 b07f66e6b50916d4a636c2e91f633ac8f63e5b5d
SHA256 47e77d470102641070b066a5a73c34dbd14989f55a3d435efae0fdeaaff3ae6d
SHA512 8432b3b49c14ce2b2787c99f6b5c9d88cf147eb1308b13e01655b39b3677aff4010ec8549ab5100d31391df88a347c58e3b0f22211a48531f418b022b8f9ea11

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 ea9673a25d83b35edfc145023e07a6bc
SHA1 fe8eb2bb7bba90a7f3b26647427f441c8c119fcb
SHA256 11cf63a5fe890018388dfb9917d01cab0a9e09cb9b9339687adfc17505b319cd
SHA512 624c68e20f0b02b14db1d113c3dce93252790376f977ce27746c4e69ce7599ecc2bb7a24dfc75c04048495ece90106d0166c7ae1fa78eed78745fa8e35e883c3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 c87e3e3e85e9fa1e0735be57dd22393f
SHA1 837378d9d62d0c1a421d71406ba56a4de888fe5b
SHA256 8356c39c912b36241b02500efc201fa8376cf9f7d1a1ed3ae035846d8e5434d4
SHA512 503d0c4a69d936d5484e80034ef76defb637123e3c08bd4e0f0fb7861591bc1b5626046864da8d7db307e77ceadd0e45094fab342e69f4db1e50b0b84e1764c9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 2a05ba6fca90ff7712e1ae98d5a9677d
SHA1 087eef795f2aa53eb0df2d26204695005cde270d
SHA256 32b8cf01f4c47a1c807cd2d476f253c636d2d666478a49ad50425b543deefb23
SHA512 a10f4f30d3c319e148de6bc964e40c702e5feb1a2a40b1a0852f0918d9a079ba8c0b4de1ca13239795b7c4f10980ae1101a69407b8e35f7f97b9dce11169eda6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 2a05ba6fca90ff7712e1ae98d5a9677d
SHA1 087eef795f2aa53eb0df2d26204695005cde270d
SHA256 32b8cf01f4c47a1c807cd2d476f253c636d2d666478a49ad50425b543deefb23
SHA512 a10f4f30d3c319e148de6bc964e40c702e5feb1a2a40b1a0852f0918d9a079ba8c0b4de1ca13239795b7c4f10980ae1101a69407b8e35f7f97b9dce11169eda6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231

MD5 a7ad7ef68a8ac43f1f8176dd44654d14
SHA1 73912f2e55ca111cbe8e089909ffdf5186dd5920
SHA256 f0521147d251b2b707f6842e033879004c12558afd5b96aa4d9f95948202f800
SHA512 11da8f86985d8f5566785ae8f247fdd57bcabfccb7f6e33473990e02b6948c670514bc8bdc2fb904c54553588453aec05ffad9e5934f116b2731e7b7c5974a9b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231

MD5 1712511f8e39975c6cc7b12f166a3dc8
SHA1 d742e2b7f94980231adcd1e08e7bf6c9ac6ba1fd
SHA256 aac3590a9b36b10d19b7274ec2f1d9ac390b0f0152004f71a2b76261955160a2
SHA512 4befc35f3ac29435c2bf91aca465b428d66563cba99dbf3a13d418e5941c47d69b93eb4adb81b4cbe081d0e14aead2cec6744edeb3e63f483e075c1bc3d9ff7d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y7YYZ8TN\bootstrap-custom.min[1].css

MD5 8528842bea85406f603a32e9257794f9
SHA1 e2e8e6069ecfd81d9dd0ce2280848deeef6440ff
SHA256 b9c040c05bd17a24e909716c56c049c267e4973857e07b5db32cfb2d38d7a5fa
SHA512 32fb60ddc89023226cab651bf932ad35918665ee245f974caba7d5906fa07d050fd17dee07c3d845ad9230061772b820387e65b3433dd7592f054474803c8558

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NZ4MYWJC\ms.analytics-web-3.min[2].js

MD5 81a5a96150cc8e1fa6b4b7c70bf10ad6
SHA1 e30156e4218432a853e8e54be1a2d1e4a8886b6a
SHA256 732e08f80d9a49e06b34040cef1f3501d3528eccc8d0cb3057e5a1e8a762ee78
SHA512 4459e69c1dc80e70141850eab3cc65498c2ab20aa5643e5c7aa3074f47c5a731c136d6308fb623446840bdcc98db5ff0e1655bd14af0b74d0fd2aa343b557287

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T2WO40G2\dotnet.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y7YYZ8TN\analytics.min[1].js

MD5 b4a1847f1be996c08716d3b97456d657
SHA1 49113ee2989496eb1858a45ffaa319863d8ccd69
SHA256 8a80172a7d4c7c65ad596f52ecc105d61c0b2b60368277fb4729767f54fec06a
SHA512 b0e4ab27c1db23cbcd13bda3bf488293985d76de6c4f51b2be140c7ca8562a0b8280360b2e628a097f7e5fe94508759aca5bec037a1b3d7a73d2d7d16fb63b93

memory/2256-501-0x00000250FDC60000-0x00000250FDC62000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T2WO40G2\dotnet.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DI5CS8K2\at[1].js

MD5 6b56d2bd5139bc5c00f412cd917a3bac
SHA1 7ebb960a86d15ba09b075265c6c098b9cdafc624
SHA256 cd976ec1ad0e64056080f75bd5bb81cc61b544c8f535ca2ca630a7f4aa5fda5b
SHA512 e716effb9d5b6bd49394e972d7307da7068bb03d536b975e03781c3ac9425117cc27e6a24a7aaf71e56f59341dce179184c88c3d4533fae99379a1c1a9e9f222

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NZ4MYWJC\footer.min[1].js

MD5 8b0450a2954a4eb56111e546efa8818a
SHA1 1ee33b143f4170bed1d39d8526dc6b06454ddd03
SHA256 af5953d08ed8d4bc6b04c3a03024bfb38a85e4a9295055011b5ed6f7adb06e9e
SHA512 ba05f046c52f80cd8322ba4d91a7bdfe8f6f34d6954e30b8b57d7d42caa0a643661ffb051181126d1325bc536a3a88a644555708960d6a30d74a0f7fe42336eb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SZB5C9HW\at-config.1.4.1[1].js

MD5 72dcd95e1872e4e7dd4debd9363a3f23
SHA1 73e8f9c4dd8812ebc9c54abed3e50b68f21ad7e3
SHA256 d83130d74d82a31e8a653378f0051d57ef560bd85406c85404c0f7bd9801b0bf
SHA512 12c49158f980c09b5cf39becea6506126c9077639991607c6066a9906d5be39eff6d8b4c844ab3dd398d17131f5e00638e52ad7e6a272ca38ea6f2e41efe00a3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DI5CS8K2\open-sans-v34-latin-600[1].woff2

MD5 603c99275486a11982874425a0bc0dd1
SHA1 ffeb62d105d2893d323574407b459fbae8cc90a6
SHA256 4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127
SHA512 662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NZ4MYWJC\open-sans-v34-latin-regular[1].woff2

MD5 e43b535855a4ae53bd5b07a6eeb3bf67
SHA1 6507312d9491156036316484bf8dc41e8b52ddd9
SHA256 b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
SHA512 955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NZ4MYWJC\open-sans-v34-latin-700[1].woff2

MD5 e45478d4d6f15dafda1f25d9e0fb5fa1
SHA1 52cb490cd0ee4442ede034085cda9652b206f91c
SHA256 d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72
SHA512 2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T2WO40G2\dotnet.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/2256-565-0x00000250FF710000-0x00000250FF810000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SZB5C9HW\cookie-consent.min[1].js

MD5 790e48cbeac7a60b178a4cfa23e3d6f8
SHA1 dd0ed5e152f4ec0848d1682246faa5db958545be
SHA256 732752b90aed5b25aca32d985593b45fce136244e81fd4f02c84921597c789fe
SHA512 1b568bf923c2819c8549d4d16449092e2e3f7a1b8cded89b43e18696429046c10db5f90a6662df156140963bc77fc9b4243089b28955a10e839dd0b000f1acf8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y7YYZ8TN\mwfmdl2-v3.54[1].woff

MD5 d0263dc03be4c393a90bda733c57d6db
SHA1 8a032b6deab53a33234c735133b48518f8643b92
SHA256 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
SHA512 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SZB5C9HW\space-grotesk-v12-latin-700[1].woff2

MD5 514360ed1b78e71aabe58ecd08f36706
SHA1 1062c179ea2f74b5db67f9d7822c556ed25637dd
SHA256 751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc
SHA512 1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NZ4MYWJC\general.min[1].js

MD5 0a51551c9a5fe36e372fc39eb9bf0b3a
SHA1 6c76d69df786828afad990a0144b5d27d56e7863
SHA256 124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794
SHA512 7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NZ4MYWJC\culture-selector.min[2].js

MD5 4147b3bfb0a145eec758f0cb7292cefb
SHA1 8e02467706ce768bc9e68fea2a8d01b49513d631
SHA256 8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20
SHA512 49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

memory/3536-597-0x0000023737280000-0x0000023737282000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SZB5C9HW\main.min[1].js

MD5 3174cb57a45c6bff5d6eb36764578dab
SHA1 5e535db24d9dacce9856417271dfc2a55427ec7c
SHA256 d1786024efc496ddf468c58766768895ce472875f9cfdaf39a996ee69f7ebce2
SHA512 bb3a0e75630e691e15f6e34bbdf2a2b09c6a9edade2c3e49621a8fcf0e9715845c1b58db2210203a69220f125a3d052243f39d0120c83ad75487b81a9088fa48

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NZ4MYWJC\theme-toggle.min[1].js

MD5 b09e63dc3ce49bad46fb9a325135325b
SHA1 d8485770774dacccebd43e84175e4144f4e645dc
SHA256 ab16b3270188477d3a5907ad1d97d5c69cd5c71e5d0918bcfd0ffeb4273f815d
SHA512 23216d04853647c3677922f02ba62e18fbc4785b4be2548a7f66400afc541273ef2a11135617cb988d90e7bd40d9a8ca70c531e425fbbf7546d55ef49cfaf15c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DI5CS8K2\alert-info[1].svg

MD5 c7db49644f6bf1f50b3190ffba0516ed
SHA1 5bb312a0b6357ccb7e93158ac0f97b4e249e4696
SHA256 2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281
SHA512 9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

memory/3536-603-0x00000237372A0000-0x00000237372A2000-memory.dmp

memory/3536-611-0x00000237372C0000-0x00000237372C2000-memory.dmp

memory/3536-614-0x00000237372E0000-0x00000237372E2000-memory.dmp

memory/3536-616-0x00000237372F0000-0x00000237372F2000-memory.dmp

memory/3536-626-0x0000023737500000-0x0000023737502000-memory.dmp

memory/3536-629-0x0000023737520000-0x0000023737522000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NZ4MYWJC\wcp-consent[1].js

MD5 5f524e20ce61f542125454baf867c47b
SHA1 7e9834fd30dcfd27532ce79165344a438c31d78b
SHA256 c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
SHA512 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SZB5C9HW\a2-598841[1].js

MD5 1a9b16e1a3ce074d6cab7b6844d49fad
SHA1 98db09786ab9b960ee250adabb301383566f4c1c
SHA256 d794f9bd321156a2a2bb02102ad0bdc09bdc8dedf71ec42683fa53c3725fdd72
SHA512 71a5cbb0b5c11ec80fe0d3ad751c3e7dd0b1fadf641f8c51a8c617048b6ccd80993018dca2e4eac28a2246725c326634eab165d6f3e9eb531aedc3f18fa8ba9a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SZB5C9HW\cda-tracker.min[1].js

MD5 a3827d5909344f41d270fc8475f7733c
SHA1 bb6cb83e4d2080ee02ea366699f487c7362d4934
SHA256 bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a
SHA512 5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y7YYZ8TN\ai.2.min[1].js

MD5 393625d2cd565323f9ad9f264e6bdbc8
SHA1 0587dfce0dca45b29b882c0a8219ab74f880073d
SHA256 6c14d731b13bcdec4325028eb0d8d2cb0190b3b1e65e0fcb52907fe6f55c2707
SHA512 24f6a5e36377f5c552b296e9c8380aba8d445f10d35d0af5bf6ab19f857ba2c8c7fd130c2af5866534e1c130dfb9f88842a22f0ef15101377023cb6795ba882e

memory/3536-662-0x0000023733B90000-0x0000023733BB0000-memory.dmp

memory/3536-673-0x0000023738400000-0x0000023738500000-memory.dmp

memory/3536-684-0x0000023738970000-0x0000023738972000-memory.dmp

memory/3536-701-0x0000023738300000-0x0000023738400000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C389FD106AACA95B265CC81A85B3522B_CF0A9AE2FF2173C0835A64A39EB71991

MD5 2af36a3f79fd6f06be7866fb129c7c85
SHA1 d61ac9b89aa6ce563f4563dc979f2831e7015de7
SHA256 3a2ca41eb3a6e104a4b83ca3d184929de40c6e4b237e172f4e40e0b1542848b3
SHA512 90b95584e599cf046ba83027e81ed9078946264b5703a6a06438e0532fdc35d1f0fbbd071189a20ecf3542e613e381508be29b5a6e31aa022f92857cedf85cbd

memory/2256-708-0x00000250FFF90000-0x00000250FFF92000-memory.dmp

memory/3536-704-0x0000023738730000-0x0000023738830000-memory.dmp

memory/2256-702-0x00000250FFF80000-0x00000250FFF82000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C389FD106AACA95B265CC81A85B3522B_CF0A9AE2FF2173C0835A64A39EB71991

MD5 9673735ba17615d7924e3d2ca525ecef
SHA1 3ffb6687e77bcce8d6f7292bac1815e698e5ecf5
SHA256 81ee1192bbe247d8777c66ab8d0efe2606d83a2ed898251e6f62b8b5c0450f79
SHA512 8af3b627e6b654a2dc7d30775a02e178ddd040d0819f7e1c7e40302327ef5d506a3273012942531c5f06a62cbceabf11fabbaca05cd94b36ad49802a834f7092

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T2WO40G2\dotnet.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C389FD106AACA95B265CC81A85B3522B_CF0A9AE2FF2173C0835A64A39EB71991

MD5 2af36a3f79fd6f06be7866fb129c7c85
SHA1 d61ac9b89aa6ce563f4563dc979f2831e7015de7
SHA256 3a2ca41eb3a6e104a4b83ca3d184929de40c6e4b237e172f4e40e0b1542848b3
SHA512 90b95584e599cf046ba83027e81ed9078946264b5703a6a06438e0532fdc35d1f0fbbd071189a20ecf3542e613e381508be29b5a6e31aa022f92857cedf85cbd

memory/3536-718-0x0000023737E10000-0x0000023737E30000-memory.dmp

memory/3536-721-0x0000023737E10000-0x0000023737E30000-memory.dmp

memory/2256-728-0x00000250FCD00000-0x00000250FCD20000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T2WO40G2\dotnet.microsoft[1].xml

MD5 815c3b0000808c69605aa1e2efa20ae3
SHA1 9873a8a05bd964becec28b2b8e880865e6f6c301
SHA256 2c438a32d47dec340c7f6a2f68fc5f1bfb69a0d03d9a4fe2a78aba2909d1db3f
SHA512 3bed12f7d721d0c9b3d64a397bf2a167a4d5c66e23e942415fed0028e11d2de6d4bd37093abb30ec3966560c673179cb2062f97c75df88b4d44d2b35bb426684

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/2256-754-0x00000248825E0000-0x00000248826E0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T2WO40G2\dotnet.microsoft[1].xml

MD5 a1bf2dade959712ce0b6e4cf0132a1b3
SHA1 937f88c96b728af82f1af17d7a26ec2f8ff8de67
SHA256 071f27345adfe57ea6eec78f18e2efe4ce7d851630ae83215ed35f64f183cde7
SHA512 f914077d28686be95ec322da0f1a627d922c3129ae7ca5a7192da3780312d8feaf88e6b20ced9890205d9683c053f6c5795806f2ef0ad9ec88e14389c6816157

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 363eace0374b5737082d955b800b6c51
SHA1 5215cba47a7971b6ac919108772dd97501080c89
SHA256 7583c1a339bbca91e7168f3ee20cf11e45fc82bacc2ffd984eabdaa56a181d68
SHA512 865ef55375a8bb32ebe2ee3a09b3943d584d573fd11a144c99bb2572ff6c8189a3e31d1b578dd640d95b5e42b437873eb4797bd967dd9896ded1fb131c2a880e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 449254152e522b292d5430b584b24e73
SHA1 9b6b1ddc54efb480fde67d736fc9b9894c01c01f
SHA256 5bf02eefbd8b4d2f5fd674ade5d6826df6a00971bc4b0b755c63c14aba3dbf17
SHA512 de5d1d7664f4927337363bc5f1789c595f0b10dc6f10192075af5ef113e796402ac9e30e624bf1cd94fdb3d0efdcf346b3d64bae0f92b58c1336f5cbefec7ed6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 4cb263eee0b31af9fab9a9d913bb96a4
SHA1 5ccaf91f55051d1b49805e008efd88de18a24b1b
SHA256 abb007542e31c71c3c77a7cd96a7d393a002914a86ec233f4c70bc69611b0ea1
SHA512 4a303f0eb7da5ef979a5ad603e00efee24a9e8a70812d1d1208662f9c47af0e15a142adb65146017ec59ce19e60933c9613782726eabe4fbe4cd00630ae11c0d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 514001d8a10cc3d43bd9dc2d90529b70
SHA1 8ff7f9e9863325c363f658d054a337867f405164
SHA256 1a2c8a1cb58b7c8cb0582fb104ffccf92c4ec7a4fe0a6d6755820a46f866bcba
SHA512 e29d622b2e2073405f18191dd3be3a14426f801a874d9fe6b108797d72c60fbb770505e31bf4f46d5ba04118f66133de8468a6af83f3a39c9ff89ba394b872dd

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 f31734bf680bbfb0056bc9028aebcaaf
SHA1 d6954df5e71be624ec92974943382b6883b0eac3
SHA256 a761f69f6ea2ae7d5c59f69bbac0226ec59efea09fcfbaf1ea58fccf5c86d27b
SHA512 8777fbb90ddb29fd791c02ad4192242ec89346a029d61f10822f0afcc82d0c5a6d21cd7c609370ede1b4fcf5c34a7e8785fa1b5ba492b0e8d0d3736b1e0979b9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 80053b6895a18588a41839ea945c3b01
SHA1 93d4e124d27bac8ea0ba63899ef91e8c310b1547
SHA256 b99913371f073ff39302e218a154bf0ef6da7dddba12c4eaa1cdbbe170a3d88e
SHA512 06c8bf07e7bcb9104337cdbd7c910edcc9910136c3fa617a4c16c1cd96a2e0de3e5bd0312ec67fb7c40a56a82cfd09cdabada4f6867fe896aa166eb6556541ef

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 94847587413e4854b9cd0ea75bb37d57
SHA1 7e1588293e7c5c2ed41e7bcb0a8d35d5fd219ce6
SHA256 599b83381312281c840328f27c9b2939f99edf0c13ae9d14a0a075b8ab6cb801
SHA512 0d876a4985d0434807c8a55f034e9c6ae43f1e0c1bdf8eb3e61fce1df81e1d4661ae0ba50369b60ed64029e113bc6d004c9129d406f96a311dcb77a3ccfef21f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3TW6LIOE\brand-dotnet[1].png

MD5 4c4b4a9bb2d54db883702f949dc6fbe1
SHA1 7229b5becebbc51925aa2e08341ddb4bfb53f7ad
SHA256 8fcf6f6cd575c0f8c643691765a7db2a4b3b104bfbff34646555f5ccffdb2895
SHA512 6f4243cc295442eaca7a9358b8eaebfb9dd75a95d67ed25fbb4fa82315ac8e1496fa6a7df59fe7c3eea7be0341c48c3e5ffd76a8c9f4fcb9e2d433d32cac1158

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D03E46CD585BBE111C712E6577BC5F07_055C1277D03B1EDCAD9F85DFDC5303AE

MD5 43bbf47cd88a050b3568a396bc18b4ff
SHA1 d87f173eda57b8029336c34dc0c4d73a8040d99c
SHA256 1932ff380edf29dcd8771d3881d2a3a315f2af199c1e1932c10f7c8c30fe58d7
SHA512 65f6cd98299da1558da94849cd0360b51f66a8afe406983392f0206c2f46faafdd25cb0f7dd5b8a08fccca725a6e75db75f38690d1abe1d52f795306b9e77363

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_055C1277D03B1EDCAD9F85DFDC5303AE

MD5 13772a01d74961f881c5c683fc9835c5
SHA1 954b731781dc533df677de10656f7eddbadf8fee
SHA256 9b7c8cb2952ec03e67ce2ad7052ca9d934fbdccb340ead189f4d4ec8167a670e
SHA512 5f3581935299473e538a16eaedca4a85a6004650e8992426b612ea8c7d2cd3eb0f09ba783082a5c4c8832e956facd2b0b27feab08035e6ba431c572db7b44b0b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T2WO40G2\dotnet.microsoft[1].xml

MD5 35e59fcbc894a2c42f19318247cc9688
SHA1 b29db1a9d1bbc86d83b5fe510d8decdb7a33433c
SHA256 fda4440587ae2243bb1651041e480a22764e4f962a1b6c3f5e22b2176f69dcfd
SHA512 f7dedcf3f3f7de316c3a6b0a3a4eba2f220a7ce1887079f0199edda8a616999c8b4c44dc2c0580359546a04db9e009e9b95bff9986a5465863b919aa1faff86c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SZB5C9HW\microsoft-net-button-bd8edd6aee4a2cdd05bc7f6ed668f1d6[1].png

MD5 bd8edd6aee4a2cdd05bc7f6ed668f1d6
SHA1 c40d632f8a7000a0ab0dae9d6b5109fca259cf98
SHA256 9a784125893b64586eeacfbf714aaf1e4704807f5b6baaa23db4920e27212653
SHA512 c708134c14acea7371e913ba75f948fcfcab0976cfb89460ad98a8e79afc2f252f66f4749bab9d61d34b821ac550b1c97ff07d5248ce0859947fd1697a822cae

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T2WO40G2\dotnet.microsoft[1].xml

MD5 e8669ae82b1357f010b10743a1204cf0
SHA1 94aecc76030b1a2414298bfb61e1f2360aca6035
SHA256 79d13d351319984c4f798de89d4574047d3dc8591b3fa97534c8a1658708af09
SHA512 993edeec64568f8e6842e453915e9589cb9403ffaf03d0bc88c0d9d9cb2fcd24cb313ac86a5acb389e2a3ca14f68a8e0c90ddd1fa2b3fac931d8cb6beba1cbf0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TCMH1DO0\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CAA1MT91\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral3

Detonation Overview

Submitted

2023-11-04 19:03

Reported

2023-11-04 19:34

Platform

win10v2004-20231023-en

Max time kernel

1812s

Max time network

1161s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat.rar

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\" -spe -an -ai#7zMap3071:110:7zEvent13366

C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe

"C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 126.177.238.8.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.109.69.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net35\Vestris.ResourceLib.xml

MD5 5d2dee455b4003b6624b6dd890edb279
SHA1 4cdb025c8c5935bfc49871fca80fc4a346acd579
SHA256 02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6
SHA512 90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe

MD5 5384c0396589430eeb3d1a2e05703e9a
SHA1 20da44da7639bbef2f6b5bfc21df7474cd1109af
SHA256 b4250aff983f1f588593baed1adb4797e6c1ab6225595ebd013b50348a57a459
SHA512 9bf613ee62b0e56af500dd88f572b2221ad6df63b0b4c0dcb0ef763efcebeac633a95f10dfce90f6cff038df2810681dd55dcdd272eb9f907c670cc2e4f7363a

C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\VenomRAT_HVNC.exe.config

MD5 fa21c166232c3b29f8d2d14557490c9c
SHA1 2cb1a7d4a204fc03bd6bd15aa9f431f3445a08de
SHA256 5c939c46f9d81cb75180c897feb5044176ed44cd0d51e076149bd82425e4ef44
SHA512 cca1dd276a093b62845e5a7652e778d07200b7158cb05a2b44e11e69ce8bc78020eeeb29d55a87a6b87a3fcc25b2883175850467002388a811abfe9945d58fd9

memory/1908-305-0x0000000074920000-0x00000000750D0000-memory.dmp

memory/1908-306-0x0000000000230000-0x00000000012CA000-memory.dmp

memory/1908-307-0x00000000063D0000-0x0000000006974000-memory.dmp

memory/1908-308-0x0000000005CC0000-0x0000000005D52000-memory.dmp

memory/1908-309-0x0000000005C60000-0x0000000005C72000-memory.dmp

memory/1908-310-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

memory/1908-311-0x0000000005D90000-0x0000000005D9A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Guna.UI2.dll

MD5 0188fce753516183a41c4d146e337778
SHA1 eb0f5324e8dd08a181d4bdfc1d90543077b2ee67
SHA256 ee4449bccf826cbc56c13087d54a1a69fd42464d437ce8f355ac6afb61df6829
SHA512 b3aafc9a80eec37556f4e60ab23579dd7d42c060b3ca2064d6d0c16901b54500503750868bef651a01401551551e372ac9fd459029c5d0efdd2aa385384916fc

memory/1908-315-0x0000000006980000-0x0000000006B90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ce5561ca-8be2-48c6-aded-c0fd7a17d1be\AgileDotNetRT.dll

MD5 14ff402962ad21b78ae0b4c43cd1f194
SHA1 f8a510eb26666e875a5bdd1cadad40602763ad72
SHA256 fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b
SHA512 daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

memory/1908-323-0x0000000073330000-0x00000000733B9000-memory.dmp

memory/1908-324-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

memory/1908-325-0x0000000074920000-0x00000000750D0000-memory.dmp

memory/1908-326-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\cGeoIp.dll

MD5 6d6e172e7965d1250a4a6f8a0513aa9f
SHA1 b0fd4f64e837f48682874251c93258ee2cbcad2b
SHA256 d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
SHA512 35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

memory/1908-330-0x000000000BD90000-0x000000000BFE2000-memory.dmp

memory/1908-331-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\ServerCertificate.p12

MD5 9eb35831c5fc4c2faa95c0490da1fd97
SHA1 e9bd2d635feb0ed64b64d20b3443e479cd1778bc
SHA256 676b682456910aec732f9061663309d79b1bd84a8956492881fb45d757a8427f
SHA512 4ce36d18b4c06c7af205413dd155741dfa5de7a5a0058283b54fc5fd09d89323a93d21d0205a252d3f0fe70f30dec8a9133b519c113b2f975c73c0d20a144ab3

memory/1908-335-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

memory/1908-336-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

C:\Users\Admin\AppData\Local\VenomRAT_HVNC\VenomRAT_HVNC.exe_Url_ykbwqcpqeruz2gzfhzscfzoue1rvl2gs\5.0.4.0\user.config

MD5 b5763604c0fac9db744369988d8dc4d5
SHA1 1093595809be379a8112206e7bf7ce01d43e7f59
SHA256 124d4c2e09f12760def84a0e725944533405b41bc2f2fc481fb74c10fe7ba36a
SHA512 d475c1a8877347d9498280fa6080f9bdb8738a33b5030aea9e04a5ab9dd6e68e42f01d129667f51974fce5942ba1b0dda95d87490e1f387645df97dd3afa860c

C:\Users\Admin\AppData\Local\VenomRAT_HVNC\VenomRAT_HVNC.exe_Url_ykbwqcpqeruz2gzfhzscfzoue1rvl2gs\5.0.4.0\user.config

MD5 bcc5c03a535e667be5f555ecebd9e8ba
SHA1 200469a59924edfb906706caf83d1780bc4c6c18
SHA256 19fb41c1060c72be295baab9c6a564601d8461401f3f24315eead171c441e231
SHA512 547b2407dcdae631c79cb9894f8bf972f89929b9c6879a523ade0a73d4959f059565aab804e12aa98fbbbe3397e62f98705bed16ddd56b519793a28959b25ab5