asyncrat | hxxps://www[.]upload[.]ee/files/14979141/Venom_HVNC_5[.]0[.]6_By_ESCANOR[.]rar[.]html

Analysis

max time kernel
215s
max time network
217s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2023 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.upload.ee/files/14979141/Venom_HVNC_5.0.6_By_ESCANOR.rar.html

Score

10^/10

asyncrat elysiumstealer evasion rat stealer themida trojan

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
ElysiumStealer
ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
stealer elysiumstealer

ElysiumStealer Support DLL 4 IoCs

Processes:

resource	yara_rule
behavioral1/files/0x0007000000023055-430.dat	elysiumstealer_dll
behavioral1/files/0x0007000000023055-464.dat	elysiumstealer_dll
behavioral1/files/0x0007000000023055-465.dat	elysiumstealer_dll
behavioral1/files/0x0007000000023055-589.dat	elysiumstealer_dll

Async RAT payload 10 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/5328-421-0x0000000000F40000-0x00000000031A4000-memory.dmp	asyncrat
behavioral1/memory/5328-423-0x0000000000F40000-0x00000000031A4000-memory.dmp	asyncrat
behavioral1/memory/5328-454-0x0000000000F40000-0x00000000031A4000-memory.dmp	asyncrat
behavioral1/memory/5832-456-0x0000000000F40000-0x00000000031A4000-memory.dmp	asyncrat
behavioral1/memory/5832-460-0x0000000000F40000-0x00000000031A4000-memory.dmp	asyncrat
behavioral1/memory/5832-461-0x0000000000F40000-0x00000000031A4000-memory.dmp	asyncrat
behavioral1/memory/5832-469-0x0000000000F40000-0x00000000031A4000-memory.dmp	asyncrat
behavioral1/memory/4772-585-0x0000000000970000-0x0000000002BD4000-memory.dmp	asyncrat
behavioral1/memory/4772-586-0x0000000000970000-0x0000000002BD4000-memory.dmp	asyncrat
behavioral1/memory/4772-596-0x0000000000970000-0x0000000002BD4000-memory.dmp	asyncrat

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

Venom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Venom RAT + HVNC By Escanorrt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Venom RAT + HVNC By Escanorrt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Venom RAT + HVNC By Escanorrt.exe

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Venom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Venom RAT + HVNC By Escanorrt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Venom RAT + HVNC By Escanorrt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Venom RAT + HVNC By Escanorrt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Venom RAT + HVNC By Escanorrt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Venom RAT + HVNC By Escanorrt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Venom RAT + HVNC By Escanorrt.exe

Executes dropped EXE 3 IoCs

Processes:

Venom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exe

pid	Process
5328	Venom RAT + HVNC By Escanorrt.exe
5832	Venom RAT + HVNC By Escanorrt.exe
4772	Venom RAT + HVNC By Escanorrt.exe

Loads dropped DLL 3 IoCs

Processes:

Venom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exe

pid	Process
5328	Venom RAT + HVNC By Escanorrt.exe
5832	Venom RAT + HVNC By Escanorrt.exe
4772	Venom RAT + HVNC By Escanorrt.exe

Themida packer 14 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/files/0x000600000002302a-413.dat	themida
behavioral1/files/0x000600000002302a-414.dat	themida
behavioral1/memory/5328-421-0x0000000000F40000-0x00000000031A4000-memory.dmp	themida
behavioral1/memory/5328-423-0x0000000000F40000-0x00000000031A4000-memory.dmp	themida
behavioral1/memory/5328-454-0x0000000000F40000-0x00000000031A4000-memory.dmp	themida
behavioral1/files/0x000600000002302a-455.dat	themida
behavioral1/memory/5832-460-0x0000000000F40000-0x00000000031A4000-memory.dmp	themida
behavioral1/memory/5832-461-0x0000000000F40000-0x00000000031A4000-memory.dmp	themida
behavioral1/memory/5832-469-0x0000000000F40000-0x00000000031A4000-memory.dmp	themida
behavioral1/files/0x000700000002307d-579.dat	themida
behavioral1/files/0x000700000002307d-580.dat	themida
behavioral1/memory/4772-585-0x0000000000970000-0x0000000002BD4000-memory.dmp	themida
behavioral1/memory/4772-586-0x0000000000970000-0x0000000002BD4000-memory.dmp	themida
behavioral1/memory/4772-596-0x0000000000970000-0x0000000002BD4000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

Venom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Venom RAT + HVNC By Escanorrt.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Venom RAT + HVNC By Escanorrt.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Venom RAT + HVNC By Escanorrt.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Processes:

Venom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exeVenom RAT + HVNC By Escanorrt.exe

pid	Process
5328	Venom RAT + HVNC By Escanorrt.exe
5832	Venom RAT + HVNC By Escanorrt.exe
4772	Venom RAT + HVNC By Escanorrt.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133220692322322130"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid	Process
1320	chrome.exe
1320	chrome.exe
5324	chrome.exe
5324	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

chrome.exe7zG.exe7zG.exe

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
2864	7zG.exe
2716	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 1320 wrote to memory of 2720	1320	chrome.exe	85
PID 1320 wrote to memory of 2720	1320	chrome.exe	85
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 4648	1320	chrome.exe	86
PID 1320 wrote to memory of 1572	1320	chrome.exe	87
PID 1320 wrote to memory of 1572	1320	chrome.exe	87
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88
PID 1320 wrote to memory of 212	1320	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.upload.ee/files/14979141/Venom_HVNC_5.0.6_By_ESCANOR.rar.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90cb79758,0x7ff90cb79768,0x7ff90cb79778
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3828 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4696 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3292 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4920 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4516 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5320 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7584 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6840 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=928 --field-trial-handle=1804,i,13664675892317203812,3656138293037479493,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5324

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3676

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\" -spe -an -ai#7zMap29104:116:7zEvent21950
1⤵
- Suspicious use of FindShellTrayWindow
PID:2864

C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\Venom RAT + HVNC By Escanorrt.exe
"C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\Venom RAT + HVNC By Escanorrt.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5328

C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\Venom RAT + HVNC By Escanorrt.exe
"C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\Venom RAT + HVNC By Escanorrt.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5832

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANORl\" -spe -an -ai#7zMap21949:118:7zEvent21775
1⤵
- Suspicious use of FindShellTrayWindow
PID:2716

C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANORl\Venom RAT + HVNC By Escanorrt.exe
"C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANORl\Venom RAT + HVNC By Escanorrt.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4772

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
45KB

MD5
91451d1ec57ce1bc7c4c8ca7bddec42f

SHA1
45745a127deca1d09ce6b76ad6fc61098a40d488

SHA256
acbf223b98dddada08e0b403986fc5f7bfd8c360d6c63cd50cafc3fc5540979d

SHA512
e037ef6778fae0dbbc1b3e06b7b1a19af6d29d57fb856bebd40197f35be3da9474159aed9367db4265bdc690fffbf27fb90970d4e7d60c566c1e965808d580d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
68KB

MD5
6318bc9aa273303d451a1f0b31f6b935

SHA1
8f34d2473be6a36d19b1751c46302bb015aa059a

SHA256
c04861a20dca62b98677da7e96440b0e402e9a1aa91541b6e5eeed792c1db54f

SHA512
2ba9e602a5fa16da65533ffdb965c4eb5443d4ca7afeba89ffc03b8a52b07c11f44535b1cc391d040d2a6d7a6c9e7cee76f34aeb0e80518780da474f13e58d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
8c9d3e07e3ec8dca47dfac406ce094af

SHA1
63f67bcad4b653632188248c003d12ef6709d7c4

SHA256
3042762b9ff9e44631ac552dce1866590064bc6f3fead74820ddc49f3332ddce

SHA512
83956ff560300167f736cb87055229eae688eb4ee86e52fb93764e8ef720987952cbcbb5fe468d47a96b199824392f466b8d2810f9f605df6e62b8adaa3b10b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e7bf8aa340a47fa9d7bde38cf49dbd1f

SHA1
82e26df1327c8fd94945121d8adbfe12a09b6093

SHA256
6b1bba667c323070b809a93fc94dad68518d07bb3a4441c6be9ecdd07cae2000

SHA512
eff885c675546314dc2faa44f8f5764607c8a31ad1a3d855a6fba08d21860de2cc81e24f7fd509d9fadab0366397b32f8fb5d32c4fde7c1c632f5d01a72a728f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3410bf63a89c6158e72891ebb50ca7db

SHA1
e5e96d881e9b362e6de6805438aa846df10c1093

SHA256
68814196ccb05e4ac931f90123c2aab157f1d6b223ad95f801b5ba0249d5b325

SHA512
347157e87fd78a0d0bc96a885bcea7031559e41bea7e42ef6c4918665ba85902b9278eaf3c1c9afc39da88e1ab16097dab9f2e5e1762cf972ca737df5b628d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4252c04ab30c73223a9e9ff107e94d72

SHA1
1f32dcf29df5cac94e92470a3bc2d382a565a906

SHA256
1f8067a43db0afaa7213a5eddd85ff10b7ea7b1c802bd0a8e51e83729e100154

SHA512
3f1f8ae1ac1f6fb0d41191037d99f703a096202736f57f3b8098eabbb50155a6782f06fd12ab5d64f119b3aaa672b65d1245371eaf243b0512c46d3d5e17c792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e29d4672886d3719272be0ccc40ef6fa

SHA1
f5e66203a70015de928c920d20d1cd88d8d1e25b

SHA256
c2a16579552fba8457ca443c646c5e5bed530ff2f74f82a4d7148ebe595697c6

SHA512
53fcbaf8ded2e60ab6f1d8a3cfe9e1eb7b4d9b8318c73ed3a614f499b2ae2193f389aa81cec0554e07f98fdd6efd3320ad8f90871b88e54b7ad3c6e3a5fa7d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
14682fbe7ccc896095d4e79026a951bc

SHA1
89104573a397a9016a7098122e829a2fcaa6094b

SHA256
5694c8477b373b85b7820644ee6289fe06963a6fc0bd16537a302f2d3be17603

SHA512
c625c946ea50c29f1bbd1abbd2f8e05dbc108fdf8aa8e54ceed20d8a8eaad612120d10a0a8e1713409e1b4e90be3f5b2b047485f54c19bf9cb7dac62b291e24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
270310e33b88059e63461b2b4b8ab7ac

SHA1
dafdaae91880c1fb5fd866c3deaefbd44fab7ffd

SHA256
7d947019cc2c1213318d0fcc1721580dbe84138d0538ed166ff75c319a8d02e5

SHA512
a34eae0d26be8453caccd5f39099e943110526ec13eff36a91fe3a3ef8e0b7eddb13851c701115cd16701c099fb9b9dec94575b08a32106263749ce71adf6e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a78368c6f0c1fb5a65b007a6ace8881b

SHA1
0ef9adb14ac72db35030bfaa86432fa66b423f47

SHA256
17a8592f6cebfcc8ee213f662d7aae9cf25a577e458b5b20d67248f48795c742

SHA512
56d0cfb87d8530aacd470ea350f7d632fde4e753d1d7d069d48bfa872bafe2d36d6b7a4bef6ef99a64e99c015a6a1e271153252066d4056ad0b8edfeeb4cad27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
141KB

MD5
e70ed64466ae5a5264f6d73032b6ba1a

SHA1
cb8dc0187c339764da961edf22f83b1a9283df56

SHA256
07606c49265116e1fccc8eaf10daa5a5413d53d3a7bb8cf5c5515b574669491f

SHA512
47330153198c07764d79907557037f5b89e8756b0ee03a06e3e8e530e85218104e357b819f664342d6330403cfd513f2e40232382dff5b5c8db888e1b63b01c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
141KB

MD5
232a3ba7f62c171c160aaca81e451bf2

SHA1
b8a136bc133954be734df892cf82af53db788890

SHA256
a020b664b5fe2aee9c1139c565ffba9bdd37f7d728ce8d88ff441649985ba657

SHA512
c9915c82bbe27585310650ad213e9873d20e272f5af77eb1ddc6bfaa5f7dd0a82aea44a9bda663d667f4a74599f1f6ac7e77aa2ddb9b74587d4b48ecb72a48fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Venom RAT + HVNC By Escanorrt.exe.log

Filesize
1KB

MD5
d4d42aa296717dda420bdba78227bdfb

SHA1
4412b57da559dfa087b966a504e672d6ae21ef7b

SHA256
951326c55c1b0714cbe483cc3617a343412d05f260c7aa89f30c00dacc0d46fb

SHA512
687d534ff3b9c9d71bef415f319c46cffc153f510efe009934dbf53edbe9aa5e40bdfa6d30409ec6f943707ffdb673ae182355f0f81fc6ddfe51ae54050ba3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR.rar

Filesize
27.2MB

MD5
450ccc1e03c3494f9dc4943b514a5a48

SHA1
cae7560db93ccfbe4f94aaeef2500d9fe7167924

SHA256
62af9c3bca0fee8b633a99699adbe0f97183a5797d9fd2e857c0fcde8603c826

SHA512
e87222764a583b4fb52c174292575524549dcbbc5dbb26ef95aa5fe9e10a6e72bf9e3801727b24e59c72f6449ed48e113af27ebd2332b96bb30140de7690fb8f

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\7z.exe

Filesize
436KB

MD5
3e797119e0fd64297cb82794b8d68edd

SHA1
a67d3b35743f6ca383673a3848b8c97ec164cc0d

SHA256
c7245e21a7553d9e52d434002a401c77a7ca7d0f245f2311b0ddf16f8f946c6f

SHA512
1378c54a3a1c5bd73c04e787d218f245024625003d689379013f1343c7f9e6282d670c3d68edce6006629ca90cddd27ac3f53f640f96c4936bbff319658caef8

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\Venom RAT + HVNC By Escanorrt.exe

Filesize
20.5MB

MD5
b5262cd8a118dbb8d0ae396eec46a2f5

SHA1
f1bbb1a1a37697f226d4050d60bb8be7cef04131

SHA256
790995dff1c63dfe04d013dac053022891f36b1dc4ca755972911a38d17ac0f2

SHA512
0c4a7e695423bd37d31e8d65bbf382eb0c4687f97702767da9205510c777fbfc35e8f8bec3b38abad63001b6204ffdadfb6975026e259a33e8b2f102d759cf1b

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\Venom RAT + HVNC By Escanorrt.exe

Filesize
20.5MB

MD5
b5262cd8a118dbb8d0ae396eec46a2f5

SHA1
f1bbb1a1a37697f226d4050d60bb8be7cef04131

SHA256
790995dff1c63dfe04d013dac053022891f36b1dc4ca755972911a38d17ac0f2

SHA512
0c4a7e695423bd37d31e8d65bbf382eb0c4687f97702767da9205510c777fbfc35e8f8bec3b38abad63001b6204ffdadfb6975026e259a33e8b2f102d759cf1b

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\Venom RAT + HVNC By Escanorrt.exe

Filesize
20.5MB

MD5
b5262cd8a118dbb8d0ae396eec46a2f5

SHA1
f1bbb1a1a37697f226d4050d60bb8be7cef04131

SHA256
790995dff1c63dfe04d013dac053022891f36b1dc4ca755972911a38d17ac0f2

SHA512
0c4a7e695423bd37d31e8d65bbf382eb0c4687f97702767da9205510c777fbfc35e8f8bec3b38abad63001b6204ffdadfb6975026e259a33e8b2f102d759cf1b

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANOR\Venom RAT + HVNC By Escanorrt.exe.config

Filesize
2KB

MD5
fa21c166232c3b29f8d2d14557490c9c

SHA1
2cb1a7d4a204fc03bd6bd15aa9f431f3445a08de

SHA256
5c939c46f9d81cb75180c897feb5044176ed44cd0d51e076149bd82425e4ef44

SHA512
cca1dd276a093b62845e5a7652e778d07200b7158cb05a2b44e11e69ce8bc78020eeeb29d55a87a6b87a3fcc25b2883175850467002388a811abfe9945d58fd9

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANORl\Venom RAT + HVNC By Escanorrt.exe

Filesize
20.5MB

MD5
b5262cd8a118dbb8d0ae396eec46a2f5

SHA1
f1bbb1a1a37697f226d4050d60bb8be7cef04131

SHA256
790995dff1c63dfe04d013dac053022891f36b1dc4ca755972911a38d17ac0f2

SHA512
0c4a7e695423bd37d31e8d65bbf382eb0c4687f97702767da9205510c777fbfc35e8f8bec3b38abad63001b6204ffdadfb6975026e259a33e8b2f102d759cf1b

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANORl\Venom RAT + HVNC By Escanorrt.exe

Filesize
20.5MB

MD5
b5262cd8a118dbb8d0ae396eec46a2f5

SHA1
f1bbb1a1a37697f226d4050d60bb8be7cef04131

SHA256
790995dff1c63dfe04d013dac053022891f36b1dc4ca755972911a38d17ac0f2

SHA512
0c4a7e695423bd37d31e8d65bbf382eb0c4687f97702767da9205510c777fbfc35e8f8bec3b38abad63001b6204ffdadfb6975026e259a33e8b2f102d759cf1b

Download Submit
C:\Users\Admin\Downloads\Venom_HVNC_5.0.6_By_ESCANORl\Venom RAT + HVNC By Escanorrt.exe.config

Filesize
2KB

MD5
fa21c166232c3b29f8d2d14557490c9c

SHA1
2cb1a7d4a204fc03bd6bd15aa9f431f3445a08de

SHA256
5c939c46f9d81cb75180c897feb5044176ed44cd0d51e076149bd82425e4ef44

SHA512
cca1dd276a093b62845e5a7652e778d07200b7158cb05a2b44e11e69ce8bc78020eeeb29d55a87a6b87a3fcc25b2883175850467002388a811abfe9945d58fd9

Download Submit
\??\pipe\crashpad_1320_HXYLMGYADYAVJNYK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4648-136-0x00007FF928440000-0x00007FF928441000-memory.dmp

Filesize
4KB

Download
memory/4772-596-0x0000000000970000-0x0000000002BD4000-memory.dmp

Filesize
34.4MB

Download
memory/4772-581-0x0000000000970000-0x0000000002BD4000-memory.dmp

Filesize
34.4MB

Download
memory/4772-587-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/4772-585-0x0000000000970000-0x0000000002BD4000-memory.dmp

Filesize
34.4MB

Download
memory/4772-586-0x0000000000970000-0x0000000002BD4000-memory.dmp

Filesize
34.4MB

Download
memory/4772-590-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/5324-484-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5324-485-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5324-483-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5324-482-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5324-481-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5324-473-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5324-474-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5324-475-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5324-480-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5324-479-0x0000025CBED00000-0x0000025CBED01000-memory.dmp

Filesize
4KB

Download
memory/5328-421-0x0000000000F40000-0x00000000031A4000-memory.dmp

Filesize
34.4MB

Download
memory/5328-426-0x0000000000F40000-0x00000000031A4000-memory.dmp

Filesize
34.4MB

Download
memory/5328-415-0x0000000000F40000-0x00000000031A4000-memory.dmp

Filesize
34.4MB

Download
memory/5328-423-0x0000000000F40000-0x00000000031A4000-memory.dmp

Filesize
34.4MB

Download
memory/5328-425-0x0000000007E60000-0x0000000007E70000-memory.dmp

Filesize
64KB

Download
memory/5328-428-0x0000000007E60000-0x0000000007E70000-memory.dmp

Filesize
64KB

Download
memory/5328-433-0x0000000008600000-0x0000000008BA4000-memory.dmp

Filesize
5.6MB

Download
memory/5328-454-0x0000000000F40000-0x00000000031A4000-memory.dmp

Filesize
34.4MB

Download
memory/5328-450-0x0000000009430000-0x000000000946C000-memory.dmp

Filesize
240KB

Download
memory/5328-449-0x00000000085D0000-0x00000000085E2000-memory.dmp

Filesize
72KB

Download
memory/5328-434-0x0000000007F80000-0x0000000008012000-memory.dmp

Filesize
584KB

Download
memory/5832-456-0x0000000000F40000-0x00000000031A4000-memory.dmp

Filesize
34.4MB

Download
memory/5832-460-0x0000000000F40000-0x00000000031A4000-memory.dmp

Filesize
34.4MB

Download
memory/5832-469-0x0000000000F40000-0x00000000031A4000-memory.dmp

Filesize
34.4MB

Download
memory/5832-461-0x0000000000F40000-0x00000000031A4000-memory.dmp

Filesize
34.4MB

Download
memory/5832-462-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/5832-466-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download