remcos | hxxps://docs[.]google[.]com/uc?export=download&id=1knVxlCl_7QAzDj0fWkdfW_hSHkNmZNk0

Analysis

max time kernel
149s
max time network
145s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
05/08/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/uc?export=download&id=1knVxlCl_7QAzDj0fWkdfW_hSHkNmZNk0

Score

10^/10

remcos fuertes discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

FUERTES

higlkgligliygligly.con-ip.com:1666

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-VQ2QTP
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\Noopa = "C:\\Users\\Admin\\Documents\\NoopdaLTD\\noopaUpdater.exe\uff00"	DOCUMENTO DE SOPORTE JUNIO.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DOCUMENTO DE SOPORTE JUNIO.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DOCUMENTO DE SOPORTE JUNIO.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673374329312617"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
924	chrome.exe
924	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1852	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
1852	OpenWith.exe
4128	DOCUMENTO DE SOPORTE JUNIO.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1260	1380	chrome.exe	73
PID 1380 wrote to memory of 1260	1380	chrome.exe	73
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 2532	1380	chrome.exe	76
PID 1380 wrote to memory of 2532	1380	chrome.exe	76
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77
PID 1380 wrote to memory of 4604	1380	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/uc?export=download&id=1knVxlCl_7QAzDj0fWkdfW_hSHkNmZNk0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xb0,0xa8,0xd4,0xac,0xd8,0x7ff83b899758,0x7ff83b899768,0x7ff83b899778
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3340 --field-trial-handle=1824,i,1468856297063766692,11808350085733870172,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4760

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2128

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\DOCUMENTO DE SOPORTE JUNIO.tar"
1⤵
PID:3516
- C:\Users\Admin\AppData\Local\Temp\7zOCBD46778\DOCUMENTO DE SOPORTE JUNIO.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOCBD46778\DOCUMENTO DE SOPORTE JUNIO.exe"
  2⤵
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:1236
- - C:\Users\Admin\AppData\Local\Temp\7zOCBD46778\DOCUMENTO DE SOPORTE JUNIO.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOCBD46778\DOCUMENTO DE SOPORTE JUNIO.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat

Filesize
226B

MD5
98ebaf7c16aff69d1209c54b6c103b24

SHA1
276097e9035dae6d98ba64657a809975019cb395

SHA256
0e3c48bc4ccfe1a17df68549ad045538a56407a0d05fa79e9dc12b2dee338bda

SHA512
427efa7616a52d3b8173c4a8e8abd16c548c01657bef8481581db1313c3c7e8213bf140752e4070e54f523af225e5f1e042c2f871391da07216b37a06bda04c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6fac5a6e-b382-40e2-b8d0-f85d0c5c38b0.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
879B

MD5
08ec42f7cd958f5f0377e20b44af23de

SHA1
405fb16deb25207555f961905dc5725ff765372f

SHA256
4bb75e99fe7b52c64070663c5929a2f71e4d4b8ee02611cb3909e4bf4b99bb65

SHA512
0eaef7e6db16163a76bcd145114bda8ce0e1a0ac827dc802f4b90e25a808c3691b5e37ac68aa1c0e7b7138f3a26988b6f04d510abcd7646bf54dbb3929192bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
7864dae5b8056382bf01489b49bf4237

SHA1
a898312ca998fb61d77379fbc114eaaa98fb84ed

SHA256
98a9cacb92440281df7cd7718c838261b87447a338c799f6dca498c1248dd422

SHA512
7f42c048214a2acfd8e3f77a0104e8c2d61af9cb5c515fbfd91c2d7134cb458ca9ac191adfe87f3062685ba79f41d16820c6dc182ede0aadadf6d3ff7cea3dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7e954f2498868a03b2aec526d33f8610

SHA1
dd3809faba71958e1e7e89ff7f23a63870b63464

SHA256
03fb6033c122d9c89f543a9b8a36229bfb952bff2efe02a0a7b2cd1f1083626c

SHA512
d18442a4209b6f2b5b8ac2871eebf997c3051c0eece0511c07fec34e75b73d22433c642c6914350d170aea79c9ca3991429baca5d4f1c267c812eef15459c2f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8dfe490b615fcd50e388a68ef094d5cc

SHA1
711435611561d3eba26c8e711f06892dc14152bf

SHA256
5abc21840331fa1743f93824a9d9ebdd9070e683e10ee2fded7918ea4903e1bc

SHA512
7e6e91ff6d399cd44b36a53f2912b730056a6a9183f6406200d7d611f2dc73900ea41c3cfd25700daa857be19c1d40636151539b22146a90efd4c57985d48933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e8a2d23178216481f1518906c2e566cf

SHA1
5cd29526d61e77f4ad361bd1a548ad19c2f9ceec

SHA256
cf3a4d83a17d0c817fc06cd4e2676f84c3af0ebc38dc3518ec686299c1b7b6e8

SHA512
266d07a764fa28d212c75b02aec181d8a3570a20bbb7abd44b0d5c9cf3e4e72e6c47f53b655270880c9a8e33617b04d5c47d87fc5e357e7b3a107676e9b063e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
5cf72d931fb18e79ec5fbb1cf7b2b04c

SHA1
70d6819969e40cc1325ffb13062bbc270debf399

SHA256
1f56266968f5c6c94eb777d61d3e9aaa3c85f2f91219051a664589b2e213f8bb

SHA512
88ea7a82626848954e023963b719d44852a25ad2a9f8b695b015563ef9f12abffd671e6b6e5c49149411286e6bdaba8e92f72a8f17365df0549dce31330d2a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
db0acb3a61ffe395e6eca7eb478e7385

SHA1
d542758a94ab9113f08a2de52754d1542f3d2604

SHA256
bcf6406cf7c152d5966367d654252e80862eac855d61410fb27f0383497f2737

SHA512
b027dfb5926bc1d246fbd0e9eeaa40ecd35fff80580752a572c97aedf72621ac14ece5e7df97e0426a66045c748fc5f26cf1219f669602cb3fa640aff97ae388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e04e.TMP

Filesize
102KB

MD5
b9f3a722a130bff9e0c6b6dd6e46adf4

SHA1
a95e69e20b68d833641a594dbba1d60e91fc9db9

SHA256
b05603fdd79270d613dc155775a740b3e5b1b735e8e7ce0c92f419df7e8f9a3b

SHA512
d4f9a7b2736ce7a5255c774c8cf4990aa2fb49d1c1ea3e0c07faef8945652338a4d4399ae3dff0811b4bbb9069875b0157b1549845669a01268980fd6bb23dd1

Download Submit
C:\Users\Admin\Downloads\DOCUMENTO DE SOPORTE JUNIO.tar

Filesize
1007KB

MD5
afafcc0a01352ebd1d812d1df727946e

SHA1
62810f3eb5cef1adab205a1e99da87263dcaa703

SHA256
1881cdac2fd73d5b7e4422fdf2d2ff7388747daf53eaa8782361c3aa0987c583

SHA512
d93fc0ff8a9a8bc2b18000df6cb41dc0a159fb1df3ed0232536a29a0411224f2d7acc3db2b067c1fca28826c7303fc727ada70b913d1aa38eb81aa1fabb56019

Download Submit
memory/1236-82-0x0000000000400000-0x000000000099B000-memory.dmp

Filesize
5.6MB

Download
memory/4128-85-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-89-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-88-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-84-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-108-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-109-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-83-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-114-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-115-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-123-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download
memory/4128-124-0x00000000000D0000-0x0000000000152000-memory.dmp

Filesize
520KB

Download