njrat | hxxps://playit[.]gg

Resubmissions

17/07/2023, 10:06

230717-l5ap3sbh9s 8

16/07/2023, 21:42

230716-1kr6ysgg98 10

16/07/2023, 21:17

230716-z49dxahf31 10

Analysis

max time kernel
491s
max time network
496s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2023, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://playit.gg

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

dllsys.duckdns.org:3202

Mutex

3b570ffeeb3d34249b9a5ce0ee58a328

Attributes

reg_key
3b570ffeeb3d34249b9a5ce0ee58a328
splitter
svchost

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Downloads MZ/PE file

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Modify Existing Service

T1031

pid	Process
8084	netsh.exe

Executes dropped EXE 10 IoCs

pid	Process
2964	playit-0.9.3-signed.exe
5744	Remcos Professional Cracked By Alcatraz3222.exe
5780	taskhost.exe
7916	remcos_agent.exe
7656	remcos_agent.exe
1796	remcos_agent.exe
6448	playit-0.9.3-signed.exe
5608	Remcos Professional Cracked By Alcatraz3222.exe
6124	taskhost.exe
1768	remcos_agent.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
5744	Remcos Professional Cracked By Alcatraz3222.exe
5608	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 6880 set thread context of 5780	6880	Remcos Professional Cracked By Alcatraz3222.exe	228
PID 6256 set thread context of 6124	6256	Remcos Professional Cracked By Alcatraz3222.exe	264

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
7012	7916	WerFault.exe	233
3988	7656	WerFault.exe	237
2644	1796	WerFault.exe	240
4848	1768	WerFault.exe	265

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133340158664231760"	chrome.exe

Modifies registry class 47 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Remcos Professional Cracked By Alcatraz3222.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Remcos Professional Cracked By Alcatraz3222.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Remcos Professional Cracked By Alcatraz3222.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Remcos Professional Cracked By Alcatraz3222.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "7"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Remcos Professional Cracked By Alcatraz3222.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000090000000	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Remcos Professional Cracked By Alcatraz3222.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Remcos Professional Cracked By Alcatraz3222.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Remcos Professional Cracked By Alcatraz3222.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Remcos Professional Cracked By Alcatraz3222.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\NodeSlot = "6"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Remcos Professional Cracked By Alcatraz3222.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	Remcos Professional Cracked By Alcatraz3222.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Remcos Professional Cracked By Alcatraz3222.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
3812	chrome.exe
3812	chrome.exe
4256	msedge.exe
4256	msedge.exe
4928	msedge.exe
4928	msedge.exe
5824	identity_helper.exe
5824	identity_helper.exe
5856	chrome.exe
5856	chrome.exe
6880	Remcos Professional Cracked By Alcatraz3222.exe
6880	Remcos Professional Cracked By Alcatraz3222.exe
5744	Remcos Professional Cracked By Alcatraz3222.exe
5744	Remcos Professional Cracked By Alcatraz3222.exe
5744	Remcos Professional Cracked By Alcatraz3222.exe
5744	Remcos Professional Cracked By Alcatraz3222.exe
6880	Remcos Professional Cracked By Alcatraz3222.exe
6880	Remcos Professional Cracked By Alcatraz3222.exe
6880	Remcos Professional Cracked By Alcatraz3222.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
5780	taskhost.exe
6908	msedge.exe
6908	msedge.exe
4940	msedge.exe
4940	msedge.exe
6256	Remcos Professional Cracked By Alcatraz3222.exe
6256	Remcos Professional Cracked By Alcatraz3222.exe
5608	Remcos Professional Cracked By Alcatraz3222.exe
5608	Remcos Professional Cracked By Alcatraz3222.exe
5608	Remcos Professional Cracked By Alcatraz3222.exe
5608	Remcos Professional Cracked By Alcatraz3222.exe
6256	Remcos Professional Cracked By Alcatraz3222.exe
6256	Remcos Professional Cracked By Alcatraz3222.exe
6256	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5744	Remcos Professional Cracked By Alcatraz3222.exe
5780	taskhost.exe
5608	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs

pid	Process
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
4928	msedge.exe
4928	msedge.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe
Token: SeShutdownPrivilege	3812	chrome.exe
Token: SeCreatePagefilePrivilege	3812	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
3812	chrome.exe
3812	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5744	Remcos Professional Cracked By Alcatraz3222.exe
5744	Remcos Professional Cracked By Alcatraz3222.exe
5608	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3812 wrote to memory of 4924	3812	chrome.exe	84
PID 3812 wrote to memory of 4924	3812	chrome.exe	84
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 2484	3812	chrome.exe	88
PID 3812 wrote to memory of 1516	3812	chrome.exe	89
PID 3812 wrote to memory of 1516	3812	chrome.exe	89
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90
PID 3812 wrote to memory of 1636	3812	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://playit.gg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8d7a9758,0x7ffd8d7a9768,0x7ffd8d7a9778
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1284 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:2
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5152 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5436 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Users\Admin\Downloads\playit-0.9.3-signed.exe
  "C:\Users\Admin\Downloads\playit-0.9.3-signed.exe"
  2⤵
  - Executes dropped EXE
  PID:2964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://playit.gg/claim/91ff928999
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd7e8246f8,0x7ffd7e824708,0x7ffd7e824718
      4⤵
      PID:3008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17796268645664220655,6549122079152353388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17796268645664220655,6549122079152353388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
      4⤵
      PID:5008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17796268645664220655,6549122079152353388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
      4⤵
      PID:1720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17796268645664220655,6549122079152353388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      PID:3800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17796268645664220655,6549122079152353388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:2364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,17796268645664220655,6549122079152353388,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5084 /prefetch:8
      4⤵
      PID:5576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17796268645664220655,6549122079152353388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
      4⤵
      PID:5660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17796268645664220655,6549122079152353388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5116 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4576 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6052 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5636 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6148 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5248 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6440 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5128 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5696 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6116 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6364 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6328 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6356 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6392 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6656 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6628 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5072 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4408 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6448 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6176 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4572 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4680 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6820 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6764 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6792 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7020 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7384 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7392 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7676 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7736 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=3376 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7988 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8344 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8480 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8500 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8876 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8856 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9124 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9244 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9232 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9620 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9756 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:7324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9988 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9908 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10072 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10224 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10328 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=10580 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10508 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10500 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10492 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10480 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7692 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10588 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=11652 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9924 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=8884 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=11480 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=11524 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3324 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=3668 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11664 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10172 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=2516 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=4692 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:7452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=8504 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10284 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1876,i,5899679362038787351,5336824964318714367,131072 /prefetch:8
  2⤵
  PID:7004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4880

C:\Users\Admin\Desktop\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe
"C:\Users\Admin\Desktop\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:6880
- C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe
  "C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5744
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:/Users/Admin/Desktop/Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222.exe" "%temp%\Profile Remcos\Update_Lock_Remcos.exe" /Y
  2⤵
  PID:5880
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%temp%\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
  2⤵
  PID:5204
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
    3⤵
    PID:2176
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c echo [zoneTransfer]ZoneID = 2 > %temp%\Profile Remcos\Update_Lock_Remcos.exe:Zone.Identifier
  2⤵
  PID:3236
- C:\Users\Admin\AppData\Local\Temp\taskhost.exe
  "C:\Users\Admin\AppData\Local\Temp\taskhost.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:5780
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\taskhost.exe" "taskhost.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:8084

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1220

C:\Users\Admin\Desktop\remcos_agent.exe
"C:\Users\Admin\Desktop\remcos_agent.exe"
1⤵
- Executes dropped EXE
PID:7916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 528
  2⤵
  - Program crash
  PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7916 -ip 7916
1⤵
PID:5916

C:\Users\Admin\Desktop\remcos_agent.exe
"C:\Users\Admin\Desktop\remcos_agent.exe"
1⤵
- Executes dropped EXE
PID:7656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 488
  2⤵
  - Program crash
  PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 7656 -ip 7656
1⤵
PID:4524

C:\Users\Admin\Desktop\remcos_agent.exe
"C:\Users\Admin\Desktop\remcos_agent.exe"
1⤵
- Executes dropped EXE
PID:1796
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 488
  2⤵
  - Program crash
  PID:2644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1796 -ip 1796
1⤵
PID:6780

C:\Users\Admin\Downloads\playit-0.9.3-signed.exe
"C:\Users\Admin\Downloads\playit-0.9.3-signed.exe"
1⤵
- Executes dropped EXE
PID:6448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://playit.gg/login/verify-account/260464
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e8246f8,0x7ffd7e824708,0x7ffd7e824718
    3⤵
    PID:6344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2355014369055319869,17045902276689503198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2355014369055319869,17045902276689503198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:6904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2355014369055319869,17045902276689503198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    3⤵
    PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2355014369055319869,17045902276689503198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    3⤵
    PID:6012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2355014369055319869,17045902276689503198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6552

C:\Users\Admin\Desktop\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe
"C:\Users\Admin\Desktop\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:6256
- C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe
  "C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5608
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:/Users/Admin/Desktop/Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222.exe" "%temp%\Profile Remcos\Update_Lock_Remcos.exe" /Y
  2⤵
  PID:452
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%temp%\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
  2⤵
  PID:5476
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
    3⤵
    PID:7704
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c echo [zoneTransfer]ZoneID = 2 > %temp%\Profile Remcos\Update_Lock_Remcos.exe:Zone.Identifier
  2⤵
  PID:7732
- C:\Users\Admin\AppData\Local\Temp\taskhost.exe
  "C:\Users\Admin\AppData\Local\Temp\taskhost.exe"
  2⤵
  - Executes dropped EXE
  PID:6124

C:\Users\Admin\Desktop\remcos_agent.exe
"C:\Users\Admin\Desktop\remcos_agent.exe"
1⤵
- Executes dropped EXE
PID:1768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 512
  2⤵
  - Program crash
  PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1768 -ip 1768
1⤵
PID:3280

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
20KB

MD5
eb10db7dd8f95867a80d9f039b60e515

SHA1
85fa59d762b93963a4bd849cf744b949fd92092c

SHA256
6eb792397b610366288be96c856024ed5ab2776ae5d9f917811c0fc7ed236ffb

SHA512
b191929caf80fa063acb08854f692490c28044cc87da81e415dea853443dd4de0ebd684fcf5852363f09f09e14c0910db54b67099defb232bacf3addf0ae3ada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
27KB

MD5
b5303c458b0c8434aae2857517198bfc

SHA1
14d23d4ae588d0926ede0cc6b67762fd98a801d6

SHA256
f3e21bc2d40bd55d102f896016bd84b4664de41a2f62a5405975a206b8082863

SHA512
3075730223d16a0c9f46e80566e0ece2fd38f1145ad17f8cf0c12b274321e206ff2efe5fafbe6314c4543720f608d0ce86399bcee67233e4771407245dc0df7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
42KB

MD5
229294aae46bddcab5cbe6e6fd182186

SHA1
59fe76207f13ce0c5488ff6f8c40cbc84116d3e7

SHA256
448b01d4629c8af3d16875463ee708bdb149840541e9b422cc8a7c7b5b021225

SHA512
c2766ec4bb7911ee6e5583694f5bd9cc3452403fb47e86d662506e452d8ead000252f850db6eedbb5fca8c201a467a0d8d01f2568305fd7e5600531019efc4ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
48KB

MD5
3f496739e406e2d66b6fd33b5d799ec2

SHA1
8ccea3c14aeddd75131b7f1428873b7817699e92

SHA256
8d6c3fb2cabb8479789c6593a92ccd35ae52f9b53b5340f8b2c3015ed1492d23

SHA512
20f81c3accddec1a98f11f5e51c34f5813c8e5dece31ee99bee89b14a0c10318aaa6432fabe0e0302d196a2613516c10829a507fb9561f516f2fc85176caef65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
151KB

MD5
be4dccbe54eea47a0ad5d7bb60a3c17d

SHA1
1979128e8ba1517d85f5e4ee505abf486c51557c

SHA256
52bbd916956b4ed8b9d71d1784e4008b207814ec506203326fb36052f3451adb

SHA512
7f7b2964cbeca667d4c26a208be85ab5cb77bb0817318fa3b9045643475ad50b0686427f71588ce52f340df9d030a979b12282da36d9cecd02e86962ff21741f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
54KB

MD5
661a50756bda6ef8a634f92b43b81fdb

SHA1
9f22cb3fddb22933bd6b1a9affaff57646105cd6

SHA256
9ce18e60b8c9a312d4a2064a8f2c1b1fa6cd5c3ea260bf0617266755115d4058

SHA512
3fa412dea07401ab30453fdf0303ecce7e876b7ac269c7ecb77fb7b79219f2ece82b4ea84e5c9975de507e1596edef05a34fa95157d6e7e65799c7a94fcf5e0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
55KB

MD5
fba312478200b967723bf53e7f3defd6

SHA1
9ca9337ef4ead1686095143032f5fc6de54f207a

SHA256
28aa216fa4a1167ddaabd4cf981c541cfd3873cef069ed59a63f54b333af9769

SHA512
6e16c58cfa6381c30e26fbf17e61b64861c166280f0bfa2edbb85488e8cfe5ed56d34472be9fba10628a143eb9bc720db7d33f83e84a492bea9c8af3be4d5fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
19KB

MD5
49943bc015e9713f646c021a2f9a7f48

SHA1
7bcd637eb823b04c425775fa8c914e8b8f2ac2a5

SHA256
f6e0b13ad81727a0d9317a3049fd06ecf2c473060e9d6e4f8eb564a1d82ad289

SHA512
2203c2dbe9482b0b351a3f70ea0ba9f63dcc87a66d4a4db63a060dd7dd04cb73a73bced407d57c2bcf26cf7ed78b18c7555c87b22db9bd744cb6491cd040305d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
e6a93d0856ca4f96f7f4f945015bf90c

SHA1
efae3a2df14fb71650fceaac8102e6e65d649e80

SHA256
fe7a5d7db0753ad20afb6c4c9288d216c8689556e8697d46f593f522f9abd786

SHA512
bff7e1c01ae291bc99b5ffc377bb7a9b8a5d7ef3ec74038739075c4f7b495845834dfa49a680163076627118c9f26ba8288dcccceaf557d5c32ffb6185e2ac98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2219836efb1470dce202c719e9390662

SHA1
f01776f8b42123f8ffb5a5a7fe32aab73f36925c

SHA256
0976b4ca0268a084c2d77c6d895a7d9e38a4adf753756b24b1aa2e795a48510e

SHA512
23db48f256deb9332d06e2fbb4ce5744f96fcd95c7866ba4deacf927d5b32f87649a2e60947f644eb67a4c4986fa74368df73a390e6d849018ee349b7b2547a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ca3c33f4b511747ba4650556f92aefd2

SHA1
3bb81967de80cc0f9b49fb0876a04164d3a1c9ee

SHA256
a3ae42b630eecd6f9f55ac747593630d2ca134fd81c7675a4686cec434b68b9e

SHA512
71b3ffbab3846ec6b187b235a3a963e3e7f63a0060c0e005b49b9ac93ce46873b970d7f810258a8f7eadc20b66761c5af9eb14f524373e957feb264d78b89e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
46982a9f91749cc91f4e1d84a75703dd

SHA1
71baebec5fdad1348ae781b36688dce05e56cc6f

SHA256
c2604c468fc578da1cdd3d66a0f4315a57db9dd85c9fa99f1125b4b76aece662

SHA512
b2d90936e049ea8a7f3b772d7c099d5b4af30ee20f11c31cd5a4c8a1c77a1f957c3d354b12461f21ca55f7b0e51ab7c7e72a775a6a5e7910b7d0b01deee2a888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2559714bc1fee44ad659cf65cee171ee

SHA1
4091e029a9f5ac047d0caee620d15a3368a000bc

SHA256
b4fb83e66c7ea3d48f7d011932e250945e5e1ff2152923f6cb529b4a631812fa

SHA512
e7640d539364220fb49288f469c4baa38fc75bc31f153189ee7a53e91a34d5d7e5f7ee455aa1f781f420bb31b63f7c3a29d8c5ab867862a13802e4360de1e657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
a3dba4adda82c44e6a008ea59c2184ce

SHA1
2af0a1dd33fbb56964543f8e51dbaeec55ab57d1

SHA256
80725c13693a5e3d682704a20a2281a26a012c0dac5a9a901a1909f847b57018

SHA512
189397b5ad6bc73b62f0ee3a14bbbc1923cef222c27b10e8f90703328180a458c0525a9f1895f27c1a880eccf6e7a214315a4af5c74cd79ded1dea0b7104c330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
b1599020f7897685afa0534a086b5b78

SHA1
39dc66bde08d0d16e9e18da4e7cb4bd815878b28

SHA256
f7b3b57e1b7a1c8ea0f671833e5462040c3a3549c776663c48466446ad0a2db5

SHA512
154bb2571a2d074a492e11ab70e0a33de377017a047619c052e062d5b7ab2afa9dfff80391fc52d28bcd3c1c399338779b4a7ab8eb1a98d9e38b2177cdf4ed61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
0986d4d8f7255dff994a096df2a3294a

SHA1
20a78acee9b9bd4319e6a19e53ab7ab7f1a78000

SHA256
26f514de0418fd7dbe94c5efb44840837ac92f18414dc0ddd4df39b7064743b9

SHA512
22b82bedde582f185531a429383dbc801a4e54ccf5e82a828f51a8dc10b56229eae0287e0c0eebd94addb68669bd80148e7a8a93e88aa61ef07a3378449e18ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
43f1b568dc5fbcaf15b767d7aafbe92e

SHA1
94778e29d06abf8d93419b8a1805efc86d28321a

SHA256
d5c6e6904dc1b8e3272e5e3583620642b6e37df2f9197cd6f5745ac801cbd908

SHA512
639fb7b77b02ccceb370222078ab13e9d2ba6149dfe84fbfe5443ee1ac9c78481d6cbd14597c60806265a2d14dff7e87b3eb4a62068fa37991abd2a64ab11171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f6784ba6b7fa73adacbf494189e50915

SHA1
547372177209e19581001e1ad65a3833c9c9b31d

SHA256
3941d2c1cb40b6533e2fc8f9836ac8735ec5980da7aefe7e09ff79921582d5c2

SHA512
2b360f4c4bc695787f6b9aa106e469dc61337592721792e7e537c752f000346544e8a419c9be5bdfd45c0892b68d0fabb62410e795cabab8e05e46321931f2ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1db395cec3add2b7f95fea3769dc9274

SHA1
4a368d4e8e55c7aa4e4f5b9d3160aea2d956e620

SHA256
08a160d62179a4cd850d4ecc6540d717f6a7277ffa20df6a9c71ad055324d65f

SHA512
7c663dcfb8a1e1deba11e51fefc4f6bef129f49e8e573aa128e1899e9a93d3ab8c2aceae905d97682187a038e2d29948e5d644803b54a297942b15689d2bcc22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
c389d98ce12146987c7049cb6bda88a7

SHA1
cd42cc336368ccd9ee9838b38806fb27afe006b0

SHA256
48333fe29ed7dbd1bff072cdfd0f3f3d48cbeee14de118f9bb611f5632f491a4

SHA512
702f6dbe5075f0a3950e0ee95d6539249baecb9b845b70882463a1c9207075751a662151074012d946fb3e0a32243cea0d4cc20596080ef645e8d4199b949e14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
29eb5146eb200eb1aadc6fc798f19bf1

SHA1
9a6fc8b06836578d330f7e256dcba3f4a50087ca

SHA256
3697ea9775d48f9afab5da1a0985a9375a05212b5e5f7d13849b74eb3745873d

SHA512
b4d08a7124fb746564b4df560d568f97fb7a7bc832161631e7cc4bb8038a3ea10e77f51a4e07322522f6099aef2a5b220092fd568b4d147e7d81739a39129805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
983a7e8d5a8387a94fffa470d6e9acd7

SHA1
3377c78ccfd4c6fdd2e22e3cb8f919cbdf8ddd43

SHA256
16d0c945e772ed5f6eb73b0177e99183e38d4c28579fe56223a07bb2611efb1b

SHA512
45161746368960d5210861eca9a439fbd7155072ec63367f08bbcab6ef56a6d98acab672b9c8065d3212ff4f96dd7e58b7dc73f6d19ddd36df26f61db2101b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ad7e02edc61d18b6f8f54ecfe1430b2e

SHA1
e9f8a15cfe5ba533c0ef596be47a89c2ba734291

SHA256
44bee9aa4287c7acd6221234ec3e0d9fe1edb3b15d80a0210bb83f025b8e822b

SHA512
c2457330f5388a355acd56f255df94387bcb10231406ca5b71eeb987a502a182b22d370f117255f429e0e9dd4e0873e86c18fc536c39317805d9f0d190d567b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
6be55bfb6a7fe7f5a20a322e975acba8

SHA1
21885f18068368c1220a2c6d9f79dae09586a250

SHA256
7ea9eefe5cc812089cf42f8759823d6efbf15d8c924770b4b47b4869deea19c8

SHA512
5905c82bcca0db04a3764e805b92167ccfd48f078c2775771b18bfa6ea859ffe07968ec4b7a9cbb626026a573989d97afc2021e211221141ed483fbb305d0993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
778a69c32e01053dc378ab31af5affcd

SHA1
87d8ab0ef6bc912a1986047c8141b23a44e647a3

SHA256
1b3abb7a005a0726a3076fe3cd1aff896a1737762b54bb3a3bb4c42503cc5d1d

SHA512
52a3fc166fb6aaebbb1ee34a09bc7163de8b21cba85ec3796209fdf6c5686359c5dab902a13ffb7c793fda7e581a6dfc82fb7056fb9db35dafb33847541443dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
355216c143d4a3d40c5e6100acbb6384

SHA1
df652ab103b01a35af0d7ce5d61565085b7754be

SHA256
29e9801dd3f91711403c1ed331f9fe83fce306ac0648922994a4a89c8546b267

SHA512
9751ca348ba7bd47dffed448dab0131d067eaaf11db569536ad81e7b71d462e6bb011a06f1c8ab5d948906351fdbeadcaaf5ff7a97b932b9083bae38f2281683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e67e9c665447eb8622072d5878675a94

SHA1
c19893df7eca7f6c5ca4241a5ea5f25b4894b723

SHA256
cb2bbbddcead50f89a6a13b0880f573e4024b6af8f76d993e17a8e4517cf5856

SHA512
f94d9e0f170cf19328dcf325cebc7f45690b95c5ca084f7655641d680f55d8c6e42d17e680d965a2f45d1dd57338af10344d90e14ad3c748b75b73d5fc3d4f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e39b9f2005ac3547904c249072ff75d

SHA1
aed0894eb01bf32988dc152e5db99bf996539328

SHA256
5032d7c015f87529e3fda6e3d69316cf881eb4722f69269f923bc31000da35d0

SHA512
344fef6de7ebda3efed976308c9c152704bbd2aa613b4574d340f538dae85701062d668b2a76dfe75f68823400dc7974570249799def5d0abd5ebb135ce22571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
27218c5e6215dadba492e9e949a6b823

SHA1
8a5aa3f10853d31f822bfc3a84d47bd40fec6d9a

SHA256
d1875b5e96a8ac65421022aa59e4665ae07f64b246958bac7d5875736b6e8f5c

SHA512
20514c9e301556445090447dd76122be9c16e657cdc100835f72a130af6b65657c6b92a1ab41b951e4fac79979e3c709d32d3686234c51820811157f107ede0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2094777d82befd2636de841582db6cb6

SHA1
9d96502d64de51ce19dc0d41ff46be3e99fb11ab

SHA256
3e8b1751092272ee4b277af7a8af81384e3185479746e7fecf6ef133c843744c

SHA512
88e06fd9e907b0ca0584215ec239ccc58aa4da3ef6fccad4f48142c7dbfea7162fbea2946c48d69d5ae76d6deb470db9400e4d3da663e4d857fbe337b90bcc9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb327fe02e6fae231a872cd55d1d0b8f

SHA1
780b47d15b8391aeb49600d8576d065d23ad779b

SHA256
cdfe313561b7bc885b87f492bb796a63fed6cf2a6fc7a7ec9b039181601bafb1

SHA512
cfc21334a3472b58a723467331f5a29a3a08213f5cf973b295db8883ebb2cc15bbd0ceb201e50ed785c6308971c8404b58f0028a541ef9da958b51271f1d84f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2a94e709b6cc029871f02a5395f16fa2

SHA1
adc2c11034cf54103784735dd34af35296b9b478

SHA256
f6a0c3df8120f791587701afc68dbb954aad552c7ec097eb8c06ad68a1312b89

SHA512
b8b27be79277c8f0cb065b14401ac5bdc958ed08000b3304c4090ce02dcc1466227006b9acf737adad55bd40b5b2a1ddbc6f4493409825e4d6c42aa0e1cef001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2d796f1b510500b128a07573eb2a3f9a

SHA1
51f1e53b8646af0c9ed7a5d71f3e2b1613208faa

SHA256
c1a3d70c15347acea2cd9a668217818e53df059f0f30a394f765b8778362b4bd

SHA512
4a70770a0ef88fc2cd78f842ee49365f881351576ceef2b2fbb74625eb43e8ebeec2bd1cc059f4ea6fbbd65498a7f31801853424f86a24d975573e4b26a45549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e5a1f6a2eb5b8b14652b53fcb61c8c3

SHA1
bdc0ed6401134f577dc2b8465204635c27b44679

SHA256
55febb55225bfa2a15711aa89e66da4a44345e318ea969f1cdbc6a6d080481a6

SHA512
a4db3152a1d83f8f9c2fdf80ca4e4d180ff2ff7ec58c5986d9fc9702cb73761765aef82bd373e8d8a13156b95b0b757126a86a751678eef5fe6b8671e33c80e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3357e2767c7a628ba7877a11732bd889

SHA1
832d82dfe976509c983d97e3b241ee25fd1d7172

SHA256
8d7cf499083df7ba213e2db5e0cee0f475423c1f05625c372fecf1c4652335af

SHA512
9fd94cb068018d49cb406318c6c0b98d3a58761e6e8f4ed71ce4eb21635bd24893c0e46aacc5a38e479b3a035ac9cd5506220e9e61e5c4babeecca71cb382f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cbe08892d0cc105d3d9ab77260f16ebd

SHA1
92453fd62e76a8c90ae562c60daf02af8010003d

SHA256
c505f6134f74b151655c2959768e58a161244ccb4e29fa2ffc3862790e0aba7f

SHA512
f099974f871235e5cd37d0a2a8794a7ce441e749977c2f8bb530c13a5ead5122754b77c3752860e9ce336748dbbb941877ee32eb61d342e6ab252a0a29a0a009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3c02bceda31dc13db20d8c0960c5bd85

SHA1
8c4301029207b4a0b2334ace313f38caeaa261ed

SHA256
d069c321070abc0d0942f2fcffaa38fa95809c5aedd1f86f496564e272f60c3d

SHA512
2ff90ed0155cf8406075c128c84212ea252c12c43e82a6f17a3bb7bb2445736b4c4ebd26be482b40b5761341a7335d58e8b6ecd9c60a815355f862cd064063da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c60c938fab9a3813f147c2e7c5c37b7f

SHA1
5b67ac65764b148c868fecab64c2cb1734d2c10a

SHA256
a608930496dcb96f9a0ff765d176395cfd70a2e86842c66d19de2f233e2221f4

SHA512
112ef0df6623a8e5c0bff60626daf4e6584030abfb6974e708b4b1138c992b559b7aa1f39fe109bafc473cf56341c1325c7085f368140a26b7761123b216a03d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
46KB

MD5
ed88dd4ef13c9614f7d5b705ab4d5fdc

SHA1
65ce17caa146f5d02bd9bddcbd71f6325233abba

SHA256
92e29c4f3514c4aa8ce21d46e12608c22e882c2eb5c542b4664b69efdda0afb1

SHA512
9701b6df71a181a492be7c86ee8d61cb07c56ef1e381f49f52ab151542a7fe20e0b095ee00c7742bead0e5bd6aa983e91757ca2615c7fa57bdda5bcc484fbdb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f7367104207f02a0ec1d405522062e82

SHA1
a6b50716ebe733ed39f15f79467967cd8e8360a8

SHA256
9c1b0ea2c6ec2f392a9e0148b83966eeedd90b8d62407bc7431cf7e403539ad9

SHA512
b6f5a5230d0c25e4664622f70c232507eecb7be7ab7ffb6cef5b2efa07bd3b2d4d55bfbeec8a08018112149f27904f30df29cdfa02aef4008a647d96d54a6050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
63adf112fee7fb044d21a0c1429da1a6

SHA1
220072d492790eb7a13cf7d5c2c190f0de5f901f

SHA256
41db3242a30776d32b0700f95f66261a7b5abf828a86744ed56a809994ddf328

SHA512
84bbcaf8bc741ed81fe89dce7200a2ae8808a4e4ba970b332fd9937e42e1f3312ebeffabc18156365fe65cc240f7a0650f9ef491a2a5b7819551ef1c98fb569b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
9b5deae4b85b887fd96a0d77c13f0aa6

SHA1
d0bd6178067a89eb8c974d8106f1781eca12f9da

SHA256
081a651865e0a6153fbf7b012787b0df645d8a0bc1cd797528d60ce6f1521e6c

SHA512
87cc604aedb2c10593d172d2a1fc08552636c3bb114b22f4fed37ee12f9b39fc6343de6d0e91934c8cf154cc3e841af1a1474570eb0c90cda48c6ac47b18b6fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8ae1cfd981399346d1f794e853e7735a

SHA1
db160e67c61e3e0a4f6b99624d0fab1a174f9a40

SHA256
344dab365bdf688a04aba490c5736a952c5588501ee317cdeb49b8015f335dd2

SHA512
f419591302ee6642dc292768c58d2f84a3d331440ce2b2981a13eafa0da376827f92f718825eccaba574266edd0b41a70a80ef8eb1a4b47d19b23b37f7c38d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
43f7f4352278fc2e716a7dcd528c3d1b

SHA1
e99fd7429b380a623fec23a46d69ce5ee3da312f

SHA256
3b0df629bcff4aad24fe14fe0b313219e132fc5d026d715900327eb6d1100547

SHA512
a82cc59352b1852ec552b737bfbbd703c8d1c495d2cfd953ea20ab7fa2d854ca563babf33079471812e8d51849165c447f48a007723e3b5a42fe3bf4679a6608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
3a6fe3287d9213a88f3a8dd6e313d64f

SHA1
2e15ceb0ec48820d37493d5df244f31dbb5ef461

SHA256
a4556d63d5a823543e1fdb49ed72e1dce939bf73cf42373d2f035198de07b5fe

SHA512
112f34ea842af163d050a9c8010da2ff24cb870e873f22e08d473d7fe70371ce429e01ef97903d70513e74221bc1a6ee1c17d03c78f46bbc27dc3368715a462a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
5be1e29d7b0d47c94e2787124e355db9

SHA1
9f952448397e0645091a3b0f67cd0bee98034ccf

SHA256
aa878dcccc5672a006d7764e5c94d40276e579f54c05467116ca3790b07aabfe

SHA512
83de62502cff20a975a146c6a059a4103715673681510f09a9996cdde38e85e1437bd80d6f3da981827fc66d5990144eae613736fe6b76ccf3c92e41371ccaa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
a8198af1afe0d3c86df3b38224eb1a85

SHA1
d3c42597acda03801c105d1612fe61eb59ab79d5

SHA256
58ab8623a00d25f92fa24bea4dbab0f68614f39c396dd8ed0149e877fb2b26db

SHA512
787facd7c366a87a2af5e637935d745ecc16afe2f473d284fb4017b160ce011a6b79554953716023cc734103454b3bf54b42f7d5027712c0026b3bb1e60d77c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
120KB

MD5
0934ab7ee6eb5bc3b0686be1b46b3738

SHA1
0b81c2ba3d43863620d0e2b0eb012aeea8d8006c

SHA256
c975b044660cce790be7bb6dff56c11618ac632aba8b10b531d4cafaee337857

SHA512
230f050bb20ad028e27adaa9949cb873a0a5d2d622ef9e406e8f2d074dfa1d4885d24988d3d07996469f8856166ee5b867c382e282db389bafdc36337e92ea50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
121KB

MD5
9688077347cac0051992ee0403c2fe1b

SHA1
1cbc00305da10e1691333bc9840b7006291aa0de

SHA256
11c65b28e97270fdeebc7c1e6d827483ee4f124082a156b5f57d949fc658b5b1

SHA512
9fed7dcf43af3d597f197f0b77cb720793579ec130ab0ed147f3dd8f63a9ad6cfd3f12b16db40646e19b53c2008134b47b2ffb901320c9a775a81d4540461bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
121KB

MD5
b705b863534dfcefdb7d01cf9581dc91

SHA1
b274a7b58b8843e565441ec1592e2532709f99d1

SHA256
0cc0f4d9d2bb19223d76f7e0dd42944fdf9e1ba545897928bf29fbc534b41cea

SHA512
09f0f79b546dbd48813a13b14cd3133344c19b9e7134c51c030de739429546880d5eb66a2f7f2a0c3dc5ca2ba71ddc0723167705b2dd07e7b69ed9c4af583bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585cf0.TMP

Filesize
114KB

MD5
f0fff9ece738bbe5c8116ce28760c9b8

SHA1
2488805e05e01f37a6caeda280bab2aeb2e6a3db

SHA256
cf8697d189482e13d615cd0f26426982e5255a92f9cf3e9a6b2b92c179385fe1

SHA512
0bd99dbe59a8fcac4ecb915b2f75f92230563a9f73d9c2d1ff12d606fac15a960df9268321941c41d1dc1fa416baadfc6f3a30cad2d884b5f7ab2dc82a67002f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4fc1a6a29099c2a8880133ad2ea9aed7

SHA1
4e1ee1085117b0ae793e8f9483819402413c4d6b

SHA256
216696ed5ce9c1fa1603525eff1d2ca235b26bd35b632a1da096a18f433b7c6a

SHA512
d567db7ffb9e2e029082f80f8ccf986f5b4874de28b42db8a4c2400f88a35b7e4a57f67ddbe1145cf5cdf3f9ac03e86fb4d8b03c97b2894a9ce51ef9e18fbd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a3d482fa9a67c45570eea0479fc029d4

SHA1
6a6c333f00f901f2e4bacf1c99fbcb3b68dbeb04

SHA256
2f24738db39300243f76284f05a1ff044089a4841373c9e0f1fad6a17d32add5

SHA512
78dd2c0a4cdf95d890c4463bf3439030c891fef25fad60dd76b46a331cccb3016b6e306048342161ca265ccba25f1935515e246f5261a08e5852a5489696eb15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1d308af5-1604-4687-a554-515a7db69166.tmp

Filesize
6KB

MD5
21aab10acac0fc9adab0d635fe1e5092

SHA1
2462803d46c1f01ef73d440c50c10b69087af3e2

SHA256
fc50849132e0c527d8023dc55ff170c8bae0287822f35fad701fa0aed51d433b

SHA512
3032a71ae70ac0b495e4d94563dc70723810a73741fd5b8035567de098f4a98dd2808a01abe9150e57e7f8c60367fa1f036887614237dbae8ba93d50dd339d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\71ac2c44-fb41-424c-8053-b2d97eed790e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
a4444c6009d796cb617f34924fc493fb

SHA1
fdad50f982324691b0dda0ee4b09de43bb325ade

SHA256
bf5f49fd694ae77ea37e08b66092d16fbd9f0ee849103fd096135a2faa1f904b

SHA512
86c5843841b2b083e05e8df4996a8ae3e9372c0b644ba10889c414f744165e708120ea1f850dd0ba71553a621d5f6be60c27fa754841bc5c518d4c1e551a21ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
80b1c7043ab35f0208d235edf9906748

SHA1
735a346cf774736f7be8c26c74a18670d9dd4774

SHA256
c7fc4fb539de4ef1ceb90cc4bf2c19aca3f8ec3563d9c7b48437e0e883e19110

SHA512
ed594fec6bb1cdd5f883e3d2fe1335b11d2c9a527bcd34b17203312d4430dd66ab3069639e572f59e6dc9e82e36b10da187602366f9d7d76a0e7f7f6b5b8a047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f54e1062c36e8a69e9d2e0c271bb162e

SHA1
bf772f81b13bf0716fa28e1938d34d645b4e5e82

SHA256
63aec4fdec4a44c1de9bc3b3120f404965121b236d888f96c88bfd3cf5d48b6a

SHA512
e76dd99c7f5ccc7786d8598bdb55ad92cf939365a3cd61cdf49cde47c9c90ffad3c03448eafe5597eb0106e61b55b7d91da7486de5ad71a8d2d3ebf377383552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8376505d80380a3f3fe7a6058ee7e15

SHA1
09ea14854809291e00a6242834e6f44b0b07a8a7

SHA256
d1f3370547ba52aef64d958bc5587e9e54435a3e3b91a178076aa98311afe712

SHA512
6568d1172f13dd7957a5e3fde980d55f83ef922f98933290559dd2cfd11ddcb94e02b753d6efbcfcb58c53c8b8d2118c587654107599576cf59e746e9a2b8000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6478d8bf0f47c982c7a78d64ba41da3f

SHA1
20888b01d0c5f147053b53e485ddddc39073ac8e

SHA256
4f1981fcb1c9614b835a0338583e5a4616c42138e8f5df6a14af19ddfa04fa89

SHA512
a8b6da8a52b34ce54ffbced41b6f507e5f510df0f6d1382e14121cf7502173dc11f0c5752d64d80e42a6f9a1c3a10278da07a14eea3572d894e6587ef04b7850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9072c10b482e3be033f2e8f76d88a7bd

SHA1
1fa8a963ba1ace4d90089c9d42bccd082316e4b3

SHA256
c2142befbb9180492b2d4ddf49d4a84f84fb6130a3d391b1c5393ec203d11c36

SHA512
18111297efa70bec905af7637ab78d982873de1002f60f4c1f7c7e9ed79ec34edb964d884d6f78b3b878c52b7eb3447eb059c324c4e8e46290531b702a35a19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
abd65d08d82c49029498834da40c7576

SHA1
7e75eaa5666383f4844fd7ca1a2e7d9e4ef502c9

SHA256
a4e576ea63453d3a0ce9d81beaf08023e9cd0723b8142a14a883ff1ea21d2b96

SHA512
47a3c461fa71987a2ffe01e785278d4af2b12e5816497e6295fac43314dc234ee9de2fcf05997600469724308086991dc36f34da016b04f896258f3c6f1bf2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
47ab3c2b143ad709adfaca16946528b5

SHA1
18574357ec5a8b8fb9d08cb7a610f656f504eb60

SHA256
e1c13cf6c5a824cd403b883d4091d75c4daab1ad85592ae568bc0583e992d04f

SHA512
4327978c8f7ea4b0b12e78e6c65fcaf74b99445a45766f9bf4c85e0280df032781184a37e55851b8ae39bc881acf54e3e50d18b927c6f06a9003cae6309c12fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
48c123490f621b1e63691db42e0ef0a1

SHA1
cafa8a1c0f0607bd5ea98865ab34d0e6a5bf4571

SHA256
cbaf1a44976794869f6be64579b1377ed4cb88b3e9259ebd2ee73ed1e7c90ded

SHA512
77ca86addde42d45692218239f0697adf6e4b7875f5bae5075fba81781a58c1459900c5639999320f8dd572032185e91f733666e9537fca853dd6525f137bae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn75C0.tmp

Filesize
1024KB

MD5
f12357af0507426acf2793383dd1a2eb

SHA1
efec83c9e74fbe710bf07b4976834b1f0559192c

SHA256
b81c294b3979a0e76574b1756fb0daa49114d3980fc630b7531500d7ea70c7ff

SHA512
2f3a84190a9ebfa19efc27381ab70ac3133a37dce9e348e78477d2ddf93c0c3c16ba5ae1ef95ed0a76acb3a8be90bba1fa6dd4cf76d7188dac21c0e4af3278fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn75C2.tmp

Filesize
1024KB

MD5
8c0c57ea0f2654dd809606f740714b4b

SHA1
322c0025f554657826c24685cad38c3f053779f0

SHA256
9255573ad148dbe687c0114f87ce6672fade008783cc7d95549320d6e4bf074d

SHA512
325ca9b3c9d090873d843fb623583fa39e6fa66609f32a0a812db8dab29afe710b056bd59edbfe020aab61d84844e65caeeb6338bc18a9b482405fea01f668e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

Filesize
1024KB

MD5
a8d0c69aee8e931edd00578a13077fba

SHA1
6285873c04bf66f43fed0d7caff3afde34e827a8

SHA256
6f5803b2ff1b71d3c9554e3467f33d028070982bffd0dd492aa34fee69e0300e

SHA512
5aa40e6bbb55352ddf054b011de7a3fcffc347c0b787934480db8a21fbc762d31d8d72adb22a8835f865b4f6b6ec7d44eafe718247b7b6332fdfeb2a21f81ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
c9be088129501027f478eb93923ec052

SHA1
1159621373338d75bb58f86c894b89d441774135

SHA256
e39dca2dab79991659c080f3553a9f801d0c7e438f77d50e19c6dbb6cc267fac

SHA512
7e9394859fb05173c34b814ae55c0fbd8e724b0073bb39c3444f9ea306c01d6eeb52e22501fd582bc347da184b745c6cf8ec8e386ee129ae3a79d87e3fac29ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\BuilderProfiles\DefaultProfile.ini

Filesize
421B

MD5
871ce2495cbd84b9ac6f9cf31088216e

SHA1
7257ee171630119ed3d068ad7b03d841c6bc378f

SHA256
a7106e0155fe9711402a9e063df9ef5822e46caf761ae75b1ad49d67f6198370

SHA512
5cbe1fa1030b56e212447c0616619053ca651eff23ebcb5f44c259412579e6b65663b333ed704f290fcf58526fb1651e0c040b561c52fe4ceae365c4530a2ef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe

Filesize
17.4MB

MD5
c3c21fa4c2186deb641455482ab0d3aa

SHA1
2f4b49e8383e073ccb965943ce970de403412567

SHA256
4ea203509d0fdff3e31f976413c546ca3d36133bc708e9a1301860961cc3a8d9

SHA512
31db2963f1bd49f7b4a6ee38e54940d20120d6c05ef7bf34ec97eb93051bee6d5428e9e1271e4ae8f5544b824188ac7278315e2e2c27be302a312eebbf8c3fb7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
7793567610b08dd235298d419508d0f8

SHA1
34c3b6db64c387fe7e1cf90826cfebb8c5d91d21

SHA256
b9fd3e21adefdefac27bd949c6ecdbac9d2f4e29820dbe0fbe4586fa00fcd5f9

SHA512
c133a7cf73f4a08385e1e6147a6f544c6405177265680c65b2401a19627f6f93d0717a8b37f8af352d9ef8eb83110598ac09642d21953ff94aa18352c6a6ac1d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
d41e7d848c96ca28980a11901a095154

SHA1
a331f13b4fc03326da7fc94ce64f9e655f956a40

SHA256
b75d55bdd46d53195f4f0ed13a047c3941570496858f49a63a6428c149bfda98

SHA512
7215383d95d3ac48c17c5dd48b9359ce62b2f16d35a1183cfaa9b31a3d1dfd8de7524bb353f09ab223cae3d03f14fbeda14aa0358d78bec77aad35e754fcb5f8

Download Submit
C:\Users\Admin\Desktop\Remcos Professional Cracked By Alcatraz3222\Remcos_Settings.ini

Filesize
881B

MD5
a3468935e33e361cf94f4721ed4cb66d

SHA1
c3b19ca8382534b2179940cabede8c6c952a9c06

SHA256
b374af58c24b6085f64f979dab434643da39d0267a27975f396473327dc98c7d

SHA512
c1caa0b9637a46187d54b2952db204182fad5a5324574949ce4db13bdb17624ccd8b3228eb9b2bcfe5851add2c5d2f586945e7264b1d1cd02d91acf1fd81583a

Download Submit
C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master.zip.crdownload

Filesize
17.3MB

MD5
94aabe33b1c788d3407703b7be909861

SHA1
59b02e42522f06b3128edebf67e369aca31ee39e

SHA256
a901e9357fd930774796430dbfbf9d77a35584b50ab478f69a482bf212f75792

SHA512
62d3e2d361d0f03885747a83c81ca1e1e73dc03a44f88a8cd7975086a0d3205765b86a743eea844a2f7841f0c49d3fb88be999bf41141ed9a086a087228e1f71

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 667038.crdownload

Filesize
13.1MB

MD5
da0750733bf36c61222eefaba4805dcb

SHA1
304e90d123300e646b768f1f358e59ba506b7dce

SHA256
c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

SHA512
f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

Download Submit
C:\Users\Admin\Downloads\playit-0.9.3-signed.exe

Filesize
13.1MB

MD5
da0750733bf36c61222eefaba4805dcb

SHA1
304e90d123300e646b768f1f358e59ba506b7dce

SHA256
c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

SHA512
f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

Download Submit
C:\Users\Admin\Downloads\playit-0.9.3-signed.exe

Filesize
13.1MB

MD5
da0750733bf36c61222eefaba4805dcb

SHA1
304e90d123300e646b768f1f358e59ba506b7dce

SHA256
c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

SHA512
f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

Download Submit
memory/2964-1576-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1684-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1829-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-420-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1816-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1560-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1798-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1157-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1777-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1773-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1769-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1758-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1421-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1459-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1485-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1713-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1691-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1688-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1833-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1602-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1671-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-514-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-569-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-588-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-599-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-658-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-796-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-856-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1618-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-983-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1009-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1916-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1033-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1050-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1629-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1075-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1643-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1650-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/2964-1528-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/5608-2065-0x0000000002FB0000-0x0000000002FB1000-memory.dmp

Filesize
4KB

Download
memory/5608-2067-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/5608-2060-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/5608-2062-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/5608-2061-0x0000000002F80000-0x0000000002F81000-memory.dmp

Filesize
4KB

Download
memory/5608-2063-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/5608-2059-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/5608-2058-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/5608-2057-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/5608-2064-0x0000000002FA0000-0x0000000002FA1000-memory.dmp

Filesize
4KB

Download
memory/5608-2071-0x00000000047C0000-0x00000000047C1000-memory.dmp

Filesize
4KB

Download
memory/5608-2083-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/5608-2084-0x0000000008B50000-0x0000000008B51000-memory.dmp

Filesize
4KB

Download
memory/5608-2085-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/5608-2092-0x00000000047C0000-0x00000000047C1000-memory.dmp

Filesize
4KB

Download
memory/5608-2107-0x0000000008B50000-0x0000000008B51000-memory.dmp

Filesize
4KB

Download
memory/5744-1611-0x0000000008CA0000-0x0000000008CA1000-memory.dmp

Filesize
4KB

Download
memory/5744-1612-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/5744-1627-0x0000000008CA0000-0x0000000008CA1000-memory.dmp

Filesize
4KB

Download
memory/5744-1584-0x0000000004890000-0x0000000004891000-memory.dmp

Filesize
4KB

Download
memory/5744-1913-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/5744-1585-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/5744-1586-0x00000000048A0000-0x00000000048A1000-memory.dmp

Filesize
4KB

Download
memory/5744-1587-0x00000000048B0000-0x00000000048B1000-memory.dmp

Filesize
4KB

Download
memory/5744-1589-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/5744-1581-0x0000000002F80000-0x0000000002F81000-memory.dmp

Filesize
4KB

Download
memory/5744-1580-0x0000000002F70000-0x0000000002F71000-memory.dmp

Filesize
4KB

Download
memory/5744-1610-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/5744-1608-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/5744-1583-0x0000000004880000-0x0000000004881000-memory.dmp

Filesize
4KB

Download
memory/5744-1582-0x0000000004870000-0x0000000004871000-memory.dmp

Filesize
4KB

Download
memory/5744-1579-0x0000000002F50000-0x0000000002F51000-memory.dmp

Filesize
4KB

Download
memory/5744-1594-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/5780-1607-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/5780-1631-0x0000000004B20000-0x0000000004B30000-memory.dmp

Filesize
64KB

Download
memory/5780-1603-0x00000000001F0000-0x00000000001FE000-memory.dmp

Filesize
56KB

Download
memory/5780-1606-0x0000000005050000-0x00000000055F4000-memory.dmp

Filesize
5.6MB

Download
memory/5780-1622-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/5780-1623-0x0000000004B20000-0x0000000004B30000-memory.dmp

Filesize
64KB

Download
memory/5780-1624-0x0000000004BE0000-0x0000000004C72000-memory.dmp

Filesize
584KB

Download
memory/5780-1626-0x0000000004BB0000-0x0000000004BBA000-memory.dmp

Filesize
40KB

Download
memory/6124-2082-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/6124-2091-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/6256-2074-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/6256-2075-0x0000000006890000-0x00000000068A0000-memory.dmp

Filesize
64KB

Download
memory/6256-2104-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/6256-2047-0x0000000006890000-0x00000000068A0000-memory.dmp

Filesize
64KB

Download
memory/6256-2046-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/6448-2030-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/6448-2045-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/6448-2088-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/6448-2069-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/6880-1591-0x00000000043D0000-0x00000000043E0000-memory.dmp

Filesize
64KB

Download
memory/6880-1562-0x0000000000EB0000-0x000000000205E000-memory.dmp

Filesize
17.7MB

Download
memory/6880-1578-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/6880-1619-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/6880-1561-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/6880-1564-0x00000000043D0000-0x00000000043E0000-memory.dmp

Filesize
64KB

Download
memory/6880-1563-0x0000000006A50000-0x0000000006AEC000-memory.dmp

Filesize
624KB

Download