remcos | hxxps://docs[.]google[.]com/uc?export=download&id=1S-XQKOJp_meXrxsjBMYp9A5dVRT2nhBR

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/uc?export=download&id=1S-XQKOJp_meXrxsjBMYp9A5dVRT2nhBR

Score

10^/10

remcos zoletadaa discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

ZOLETADAA

andreslopezpu1458.con-ip.com:1667

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-GWGDJF
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OculusAvast = "C:\\Users\\Admin\\Music\\AvastUpdater\\AvastOculus.exe"	PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719712031810025"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4784	chrome.exe
4784	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4784	chrome.exe
4784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeRestorePrivilege	4780	7zG.exe
Token: 35	4780	7zG.exe
Token: SeSecurityPrivilege	4780	7zG.exe
Token: SeSecurityPrivilege	4780	7zG.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4780	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
936	PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4436	4784	chrome.exe	82
PID 4784 wrote to memory of 4436	4784	chrome.exe	82
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 3952	4784	chrome.exe	83
PID 4784 wrote to memory of 4728	4784	chrome.exe	84
PID 4784 wrote to memory of 4728	4784	chrome.exe	84
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85
PID 4784 wrote to memory of 3256	4784	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/uc?export=download&id=1S-XQKOJp_meXrxsjBMYp9A5dVRT2nhBR
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa2405cc40,0x7ffa2405cc4c,0x7ffa2405cc58
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,7889654121678095182,6352604204289236055,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,7889654121678095182,6352604204289236055,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,7889654121678095182,6352604204289236055,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,7889654121678095182,6352604204289236055,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,7889654121678095182,6352604204289236055,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,7889654121678095182,6352604204289236055,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,7889654121678095182,6352604204289236055,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5200,i,7889654121678095182,6352604204289236055,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1540

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6388:140:7zEvent15934
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4780

C:\Users\Admin\AppData\Local\Temp\Temp1_PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.zip\PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.zip\PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:452
- C:\Users\Admin\AppData\Local\Temp\Temp1_PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.zip\PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.zip\PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat

Filesize
200B

MD5
da251f06f922e281f2b07cdb671add0a

SHA1
c884d534e14babb32270a8ad3fa217149668d41b

SHA256
735cb7e171831c2d48ccc3111759b5ef01797c216e72fe19b24047ca39ccb509

SHA512
7c7e9bec89ea3bb01d106b12ce419528422b8574d2a7799ad160c7f4c6a4b43816a63548cbbda19f6f1d0e12b7d8d91ada845f268de3cb7b968630834b239b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
84d27f5afc0acb6e577fb0e6c26673c6

SHA1
d61101f795f2a6bf59b26ef78c7830ba6e7b4f55

SHA256
0068b4bc056b5da48c3a766d2f6bb46a131c270e761537ed980ff2853a14ccf0

SHA512
350562c2a4d4cd4f4353bd1ae1c36b1c828f9e4b4a9cb4cefab9866d61f621742a2c9e197470db64e66031114e873aa7d4563bfec026435b764a9dab9b82d03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dbfb5b7e145902eb1cb29da72cde897d

SHA1
634c74ac97fae1d99f949323d501025aa019414b

SHA256
fd53d71c15c5c5d68fab48334ccd35f533562beb21ee30bf15457f7a95ea95f2

SHA512
6ee6074f2448a43e198bc14529dd78e2393c8230c7167686ce94b02e5eef4dc47a93c90ef57e1af93a24a72c930fd6b492ad52c21be51e8e8f3c205c72b7dc51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7c3a10ff331f65c2145763a840505a9f

SHA1
0b6d57cde2ad9fd1d77a3a48c3caadf9dbbb3099

SHA256
5d59b1734e9025f2adcfab449307385c7ac6198e96c4432030dc3c7ccf276a53

SHA512
eb6eeb304a208fe1600041215b62dd6c879a1c187aa28bcd677c98517a2704e678bdf0143caa24694a258d84a1bc801f4386ba4df731cb17a085eea3e87a1702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8021b59c77b3ff1622f05a1f0e54892b

SHA1
5a10bb61c116d29df034aa9d50ccf302b10b14de

SHA256
4e8c3ff1ff4c3f3fc562ef980a29454f3f6db90d0c97dbff112b903f38b35cb4

SHA512
efb614afaf247151d9643ae1fc8065a7ed9c6ad681151a1573ee764fd7810a9fb6d2f045519fa716ef4627d800eff8cbb0a162fcdfe3c02418f569f35e9cc695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cdffb3be13c953c95485e5589a458a5

SHA1
9df12da244234c490c574ca309e3953edd26391d

SHA256
f2ceb2f9cb69f7953a6bc339508c8caa028bc3d4375722f1d7cdd5dff29198d8

SHA512
1f6178c89185a38e3e6a9a149bb904c91ca5c0ee7af507926f44ec7253e378fb69ca720f9fb0b01766b30fdc4fa759bd63502be2c414cae01d8faa5bc64e2e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2dc9cc8e75bd6f5659784034b072382

SHA1
e0598b4e0748d26b4c0677dc7c1e12069c8142a2

SHA256
dc892c06ecd168a0d6307048ed5008375b5e09664da685fd8d0e0d2a15e42a4d

SHA512
ae5b13016f47396f9a171183bf01afffc8014b003566a3a8df7d66632062bc926a9d58588d04a416ceda90b06bf29e002671149b5ee525a50afb76a7bd867e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7788dfaaa337976e0c0400c2bb8f0804

SHA1
ca770fcff1c9eb8049a1b953e2169f074dfe40d9

SHA256
95bc3a7227b3e5c3d244b11054026fe4b3e39c0207dbf9f5c434a8079dd53790

SHA512
02e58f33c67b7c202147b14811f3c8eacb8c131c5da2014648d01998c655dd9a131024deb9ddd7411a945410435782a3c815fd2b55880d3a0218edddaf065f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ce0240c765337af3f54be98108746b4

SHA1
cc573f85b23299e76298f8f9f47a7dd213633c52

SHA256
30380083839fa5bc8825d45b98c44c58ab2325cce73bb56c6ab4be47e67c7270

SHA512
e28017f0827a2856eb87f67cb53bbdf98808e7854b4973f4d00f694c7bb45b0642fd98865128d0185fa47e0b6e58aec354098cdd11f70341a359e608a9cb7c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
adfc70c80d6d7c09fa66a4bb2a42d1aa

SHA1
0c4ef57563ae009c9781466efc3ba46211b8da26

SHA256
d92a1c478298bde5316ed7f97e937028b27e8228a543f83e2fe150da01a9fed9

SHA512
b8d983880eac3d639909fb6bf5ab9123d1c0cfdbf924a2eb335773ffc172a43525709e9cacb4e9487cc971b37f1c821c830f24466d11c5209d0b03ce6a2be6ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
edff32aaf461c67cb8ca16bd928116cd

SHA1
999cbb4f3748cf8e62f9a2b3df424e6879bd4e76

SHA256
899f3c789e6c380fe293b57dd13cffe62c591d0d030285e22d901f91c4143595

SHA512
3a24496310176f3b51862f4196b96959345fbd46147252e0063af852994464cb87d055941aaf72a48170b4bc8a47e6a188f7005ca2fd5fbd4711eb84e3ae8e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5aaf6ec0b89720ee86f533253336fd00

SHA1
e6a9c67ee2cc3c320e1566140feb46e273197618

SHA256
7b0b5602dbf01a51334ef1c5d8bc547b3b986b76a2f9b918d5fbe72e0bf6c8ef

SHA512
0cf2b3d3192c1bfbaf823b6ded5c4d59ef7a2e0d4bca9385a98dd83a3a8594cefa2dcd2f1a9c742cdf2bf388427194a52f1081ea1dc23d5afd2254887f4fcbb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
fbc92c5ec2a4b73c22ef050fc262f9da

SHA1
8866955fbb35b092bc53b5483506eb4c0c1fae61

SHA256
d937152dfa31b6ecfcf9c05530b2c3d80abb6ae4bc6b9f69435f2923042073a8

SHA512
330b7b523e31e5c5a538728372c5b6ff254342ecfd46961f240d52115f347da02b178e060ad8fc774db58c1e6ceb8b7e022510483ad38c3d3a55e6946549b4f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ceb5f2009bf93c37e5f7f51650f4791b

SHA1
283f5502528d867a0a1d95768c0cdc061bd77c4c

SHA256
5269257634a11fa605ad28641c1cdaccfdfa1a3de856ab8bb740477a955afb10

SHA512
12eb8f3d975f0c61f41b886e8a3572618706c14e9940e9b48b298f6331fa304e54b4a4e2aad4bc94e5a6b7e9dc5ef51a35e6699ba7b277d6ba6453c06f055f15

Download Submit
C:\Users\Admin\Downloads\PORTAFOLIO DE CARTERA TRANSACCIONAL ACH.zip.crdownload

Filesize
1.9MB

MD5
d7a6adbd4fd7b5ecc68bebecf1066be4

SHA1
8c06e9f452f81934ea133678a717d33b25d91cf7

SHA256
5ed7a19dac4facf374c5da9c4096a3121dec8c2e8985f3a44ed5ffcd6dd91488

SHA512
df50e492d80f4d930b11448069b194880326f0e5905f676b9a211b881cd6dea40a4524e44be38e8e5fcc5d268d8c4950aadcfd7da8dbc2ea1af6153d8cdbeefc

Download Submit
memory/452-99-0x0000000000400000-0x00000000008CC000-memory.dmp

Filesize
4.8MB

Download
memory/452-100-0x0000000000400000-0x00000000008CC000-memory.dmp

Filesize
4.8MB

Download
memory/452-97-0x0000000000400000-0x00000000008CC000-memory.dmp

Filesize
4.8MB

Download
memory/452-95-0x0000000000400000-0x00000000008CC000-memory.dmp

Filesize
4.8MB

Download
memory/452-96-0x0000000000400000-0x00000000008CC000-memory.dmp

Filesize
4.8MB

Download
memory/452-94-0x0000000000400000-0x00000000008CC000-memory.dmp

Filesize
4.8MB

Download
memory/452-93-0x0000000000400000-0x00000000008CC000-memory.dmp

Filesize
4.8MB

Download
memory/936-98-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-108-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-107-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-137-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-138-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-104-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-143-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-145-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-103-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-169-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-170-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download
memory/936-101-0x00000000008D0000-0x0000000000952000-memory.dmp

Filesize
520KB

Download