njrat | d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

max time kernel
324s
max time network
322s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-02-2025 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

dllsys.duckdns.org:3202

Mutex

3b570ffeeb3d34249b9a5ce0ee58a328

Attributes

reg_key
3b570ffeeb3d34249b9a5ce0ee58a328
splitter
svchost

Signatures

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Downloads MZ/PE file 1 IoCs

flow	pid	Process
67	2140	chrome.exe

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
5448	netsh.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 5 IoCs

pid	Process
5956	7z2409-x64.exe
4960	7zG.exe
6000	Remcos Professional Cracked By Alcatraz3222.exe
4688	Remcos Professional Cracked By Alcatraz3222.exe
4524	taskhost.exe

Loads dropped DLL 1 IoCs

pid	Process
4960	7zG.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
7	camo.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4688	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 6000 set thread context of 4524	6000	Remcos Professional Cracked By Alcatraz3222.exe	133

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2409-x64.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Remcos Professional Cracked By Alcatraz3222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Remcos Professional Cracked By Alcatraz3222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133829748441245299"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 22 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Remcos-v6.0.0-Light.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3052	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
6000	Remcos Professional Cracked By Alcatraz3222.exe
4688	Remcos Professional Cracked By Alcatraz3222.exe
4688	Remcos Professional Cracked By Alcatraz3222.exe
4688	Remcos Professional Cracked By Alcatraz3222.exe
4688	Remcos Professional Cracked By Alcatraz3222.exe
6000	Remcos Professional Cracked By Alcatraz3222.exe
6000	Remcos Professional Cracked By Alcatraz3222.exe
6000	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4960	7zG.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of SendNotifyMessage 19 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4688	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5956	7z2409-x64.exe
4688	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 3052	2728	cmd.exe	78
PID 2728 wrote to memory of 3052	2728	cmd.exe	78
PID 4160 wrote to memory of 2020	4160	chrome.exe	82
PID 4160 wrote to memory of 2020	4160	chrome.exe	82
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 3844	4160	chrome.exe	83
PID 4160 wrote to memory of 2140	4160	chrome.exe	84
PID 4160 wrote to memory of 2140	4160	chrome.exe	84
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85
PID 4160 wrote to memory of 660	4160	chrome.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82a78cc40,0x7ff82a78cc4c,0x7ff82a78cc58
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1676 /prefetch:8
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4644,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3480,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3300,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3320,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4576,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5272,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5436,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5448,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4784,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5532,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3368,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5672,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=872,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3420,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5152,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6024,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6028,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6316,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5056,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3796
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3668,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6088,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1172 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6160,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4724,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5208,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,11460475399473517314,8373219830826216766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1204

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1936

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5048

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master\Remcos-Professional-Cracked-By-Alcatraz3222-master\" -an -ai#7zMap27421:352:7zEvent31772
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:4960

C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master\Remcos-Professional-Cracked-By-Alcatraz3222-master\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe
"C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master\Remcos-Professional-Cracked-By-Alcatraz3222-master\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6000
- C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe
  "C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4688
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:/Users/Admin/Downloads/Remcos-Professional-Cracked-By-Alcatraz3222-master/Remcos-Professional-Cracked-By-Alcatraz3222-master/Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222.exe" "%temp%\Profile Remcos\Update_Lock_Remcos.exe" /Y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2440
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%temp%\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:720
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5004
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c echo [zoneTransfer]ZoneID = 2 > %temp%\Profile Remcos\Update_Lock_Remcos.exe:Zone.Identifier
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4992
- C:\Users\Admin\AppData\Local\Temp\taskhost.exe
  "C:\Users\Admin\AppData\Local\Temp\taskhost.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4524
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\taskhost.exe" "taskhost.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:5448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
c4aabd70dc28c9516809b775a30fdd3f

SHA1
43804fa264bf00ece1ee23468c309bc1be7c66de

SHA256
882063948d675ee41b5ae68db3e84879350ec81cf88d15b9babf2fa08e332863

SHA512
5a88ec6714c4f78b061aed2f2f9c23e7b69596c1185fcb4b21b4c20c84b262667225cc3f380d6e31a47f54a16dc06e4d6ad82cfca7f499450287164c187cec51

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
696KB

MD5
d882650163a8f79c52e48aa9035bacbb

SHA1
9518c39c71af3cc77d7bbb1381160497778c3429

SHA256
07a6236cd92901b459cd015b05f1eeaf9d36e7b11482fcfd2e81cd9ba4767bff

SHA512
8f4604d086bf79dc8f4ad26db2a3af6f724cc683fae2210b1e9e2adf074aad5b11f583af3c30088e5c186e8890f8ddcf32477130d1435c6837457cf6ddaa7ca1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\098936e1-382f-40f4-9169-38a139d92bc4.tmp

Filesize
236KB

MD5
b451914660a2c90f1a9acb96667f4e53

SHA1
65a37ae9e5f89a5d0e74338a16822f07ef8a5a59

SHA256
309135517d2e9d07397d7c041d57655748ce8f03063629b5675f17135a654b45

SHA512
a95f4dab371f2facc32deded58118f3d4a82b1a387b0ad72a927dd84ccc881bcb947f99a44751d3d6069fd5fe1a231f44253fe0be6663ee12b7328e563580d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7aefd39a-8797-43a7-94dd-9856f1fcae36.tmp

Filesize
11KB

MD5
d449d6cdc9571162cb4977248fb2aa98

SHA1
1ac7f3db4ba94fc11f9d6bce96fb3f48f377d160

SHA256
e453a6a4e15bc7b4995965c4176f7107924e6a2f9ebbe2f1a207e0efae66d3bc

SHA512
91b71f945fe6e9441fe76347cadb3a7a5b901903c605025b75db0efbd2c6f5837e0bf2fce3f1550e02fd16e1b96aed8f1d3c74ba02ac54d04a0a152e3555f60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
25f124194d257e0ed33d5155cedca6d7

SHA1
043ce3f01f70b6b87c001f2e2c757238432e61e9

SHA256
3fdfa6c20b8de3689a60f54934b7bce1b23ee55c66bf4c91a5a8169857c57675

SHA512
759d143f5a4556d4b6ff101ace571c70e7b00ac45dcb03616fd09948922a0f486bb5c64c4f2cda2598accd1d1cb4ff957f0ed0c9d7f72e49ba23ba8e3989af3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067

Filesize
4.3MB

MD5
ff02ab8371d64f4cb2ae3a81aec4ed0b

SHA1
58690986791322e89180363dcfd3fbee460a18a5

SHA256
e1297a0a28ebdae6dc76b39bb440402be3ae236be9b7948ead8a1e30a149a62f

SHA512
f50a3034f56dec2efa36e6722de73ec73bf23899e6015293cfa5a1774aeabee43c6cc694dbf16269c36aff11c3f338cb4c52cec16bf99f4e80c72c87337f6d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086

Filesize
41KB

MD5
7978a9e6312aeef2fb75a5184b971312

SHA1
312d46ef07ed60cb3c48cd586a5189d4a7cb030d

SHA256
bbb5da7e7ba55a3059a77cdbad6147129d94d7ad45fd15f10ebea2bc4537f649

SHA512
e738bbf00a4218607c1d13aa06792bb3245fa7999a844cfdb251caeefe0c2df0be42b9bc2aa8497927161fcee6593d9e9f9d69cd02ca9b213350223c78ae5e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008a

Filesize
19KB

MD5
70ee974af7004e9882ef0fbecfba95d9

SHA1
9a5a71d4c4f3908609e22be5770a985a53591b59

SHA256
f1124aefafb96194614962f50a15204994353cdee4d4819e271dbe2bdb7e7a18

SHA512
dbeaac1b653b648d87b90b1eb0adb0f99f1d7eb7bc197793641154a06294295f10bb40facf7aaf9279cb7a8d3a85799f79a8285ff381c0591f9dcdb92296b11f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\80c8c0f80f3766b3_0

Filesize
23KB

MD5
8c43caf8e2246cc740a74f7e8d58f1a3

SHA1
9401d1b365f9c93b836dbadefd9b08799e4b35cb

SHA256
aaf480a3c332253a2aad6a543fb02fb08de32aa1de2c1117d9e991592eec7418

SHA512
5b43adb98398362c89396825e239741814e0dbe9937cc695d9680351164b6c5ecdc7ccfa697647686dffb61320d286295dd3dbcc259aedfeb1e948cd762c2b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb8be7ac12dca2c5_0

Filesize
282B

MD5
a2474c8f0357eddace2a17a2c539587f

SHA1
582f20af1ba752c599dda9d1f2026a3b110ff58e

SHA256
4da07e7c3cf2b34324c53ce0beb9c66cf673724d2ee809001463c80d50cb85d8

SHA512
d2ed7ccd154dcbe48ac1263a2495d9c01c4af3ca747388e193173cd8476446da92baae3d74c9fb603dca1a20b39992b5478dc6bfd0678dc3af58579eab61096f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6373693c6142cf9f0e4f147b5e54c95f

SHA1
12f5aaaecf067ad56c3c1313f8ecec66f1c99bd1

SHA256
0102bdfb9ba9a8301a4c06016c1a61c5b99a795ba7ae6321a3b1687f7e85fa5a

SHA512
241d88e7c0995bed7be3bdb9445977f6890d7c3346fb574409a3b861ada7164c3622738ae2c37eef3d669d61ecca08773d3b700cc632d548f3a905ae3f395eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6336426b5d283f274205392e923f5fe3

SHA1
253ec57054bba38053695a7f568d9fcabb0a1f05

SHA256
509ae5e818b6fbb01c8a24512720b245dfd037d7710914a87c4743b870354236

SHA512
4dd1ac6da5e662c42c6812ffd570595f9d2219f4d0317319099e22dcebba135373efa3ddbc973f97a3b6348b115874baf2ddf4757da24570ba3d1cfc785d2019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ae8ff74a1a08b471c127ebc5922f7993

SHA1
a3c4e68ae02f4d3d28c88e10f57b2664466c00b6

SHA256
f42b7ea4739bf736232ea8433e5436b3f884cd7c9311ad073dc9d6f91c6e02bb

SHA512
fbf03ab5e59fcc154e1426d734bc347d030e6520e945e0ee7bf921b9668ce077beb74ab2f5575fe84f6c3973a1b908e92d20458c50ab717c32eb991edaab591a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
848a799302d1079673a51b6ffe80b913

SHA1
388665a32ba1bb1c97d87fe2f64a3704fa6089c7

SHA256
789ab11bcb537e8a786a44b1957bac0612245bd6bb9bc9dd094234d755683e34

SHA512
152681b9293eacc54516afb365fef63ce270aff8b56836cb6fe01e82e3202d13809fc5805211420fe0ec8288bdc10703fb51243464dd33918cdaa520b79aef07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3661903cec34ff3ae061cd2002a4fd44

SHA1
0b5f5241b98b5602936c5f44ec3e5ee5aaa72a09

SHA256
7db393f53c65b8e8b294986561494c73d3706831351ad7dae34a6d10b04410e3

SHA512
74ab46bb3d16e512d5613c9de0db6e6a0cd17342ed17c33bce033fe8097c49ae6f40a90eb2100c21a1c4e8f1631e801e3e3bd87d9baedaee4dd4e9e013295849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b15cec08192aa73073143f312b133818

SHA1
497f9ab9f36d040430d19d47dc51b0ce729c0877

SHA256
9464a031929edad0c11a61d604b5292efdb00fac434d47d4153c971bc6983290

SHA512
cf6d8d2e6908f811c7708be4bf56afe638acfe545119fb87fd89ea73d951b61745af6fee810aac944bbcbc338750aed465047aa5ad3a2074719aa36c131a2444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
2c9ada9e2f74e53e6fc053112118c22d

SHA1
d0434b6cdf8be0177df545a2e6b7479b72b4a142

SHA256
f74fd77cfa3631311190c46651809148cb46e8a65fff20ae88f0931a99c9f0cf

SHA512
9139871a8fa54ba605a1396d2e8be1dcb43cb7b12032cc84f1761cd27d1dd0ef0efe475d1c080d0f555754423d1fe893011f8c96fb45d7c799cca8347088f14d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
416956ec4691446a9f9c9d626e09b808

SHA1
1e9496b81c27d82f886698981ced656441401539

SHA256
cb9f927f9e043f848f19954de00a7c765808d9eba8a993f03cfc6aeedf9bc036

SHA512
455e9706cd96b62344d31698d8939ac4302aad7582e6e1f62659ed58fff28485f089913612b02b4311d835fd7d3e65c402a5e8512d98491bea71a83d7989ceba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
eef10936cad27f522568a614c80c5f2e

SHA1
0cafab78f6143f584c85c89ebd1ed378b6883a12

SHA256
7f21a98af93549e4449a34ac9741673205bc996eb38766b999a659fb7fb74ac3

SHA512
403e549a0af4838be9a4e73d2024baa98b745782e1c5e55af3201458205e7315c886ff6d995de14f5b3c7dbf436fb4836c7cc86b956fad4f93d699261a3acaae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0e752bd672fba4453a5123112f539102

SHA1
7166df96b1ef94f4f6a7d7dec69b3a4f68fbc2df

SHA256
983a92aff0765e2de8214ef28c2769d7dcd82ded2c78881ee8fef14fabe90a47

SHA512
9c12f05299e46a483b9fd68ef82dbb667d9440d896b92a4cf78618df051e91ad6868fd4e67c3efc6d16813b9f33faaefddbe9252c2ac61556e1dd182db3abf5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
79fa20b3f71779e2121bdb6c79eaff26

SHA1
7b18cca794e0a7448cfa014154cc2ed29ac90acc

SHA256
9b46697869d26674e91c64eac315e956c7dbf3a03cecfe1cfbe6f515d33e1379

SHA512
b92a1a863e6375ffdb87eb82c2e6961ca4955ae66917162a67b60266b98a24a228b09fed9a58cff839c544d9f62aba87c79fef6aeba55652a7ecd899334ce316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4ccfc3d5829d98c3f9f5a58ceb7ea1f6

SHA1
1e96f31513a9d687312b1a2630023a282a9007c8

SHA256
49affca0fd2ea555d3e94e450190caebde3b3d28f7143e2d651313e0d4fd94eb

SHA512
72a39beed3d0992d590756ba65fa71850ca3a17d0f1a6421e0dab9e64c85995a8da28d75a6f70dc5a624304f09d04d2317fdb558789d8cee63999fb49594f6a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
76f3345a2a9983b524c20080535d1e5a

SHA1
3061b59162cbf4782093646e20129511ffb4550e

SHA256
95135581cd557902a766ad5af08f1dd90bfcc81d575b375ab7e9d9d41331e13f

SHA512
c2961677495cd79217d5e692652e5b14479080eaee9b20664f7122ee19c561c17c147b9f7f340088520182bede42b41133f76738a0eebd3a66a9ed24abdbc79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f3b2a36d72ab728b4e9832ae2a686e9a

SHA1
d1e22be79e53104be0bb01f9022053461d0884f9

SHA256
f89af7a855f68323bbe10b136bb448eb66f2851f0e05759963192569bd3cbb6a

SHA512
f95b006fd93b5fbc2ca1bd3bee1b9da8c5f365734185ac3f07a384aa675e00ce2f63d25b324da809f414c06398c5b49d72c9556a58169be1e1b05b1601e7c61e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b24b02889c80bfeab43943665062638

SHA1
222efa4e53a41a8d8966fe673a57efc784841c03

SHA256
c51eb6b019d2cf9e747197bfc908c9c8e9385387db77cf3994f122a7443ebac0

SHA512
a7d5476a2137370b3553a6de2ad11d3358755df2c370efda4e8df7e845a6ad302d75f8332d6d85228ffa9662bd47b8680cec2ebe87ebd1ac00b1a0c4a05e19e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
60aaf76e9452c62eae369a7aec8fb080

SHA1
7f02cd895eb82ebabbba5f24989cb0f11a7b8ac0

SHA256
2eee72aff48173c4a8288b138e9ee9080e9a66fced618ceeda74f51a38d3fa61

SHA512
531a03cd2018cb5fc44bc3ef3c559024093d67a74dbf2eeb7b5cbde53f57c35c02ca20d95eb6d3bd722958192498f7a4564bbaac67f9297314a8d7d653a2ec83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e10d47d916534d17fdfd2cebff5b5be5

SHA1
6662bab3908e8a2b36e03d71656ec3bb396d9ee0

SHA256
21bf90888462417ca65c13990850cd988851ba4c1f4699661023f846398179cf

SHA512
901768e025643726bec25ec5288c3d9f5cc7c55235ec5af2a1a7080e6ec49823b878c31205b891c9efed0b18837595419069fcaadda2bcf85ea6047294756e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
397eaa3d699aef3671cac6b784906cb9

SHA1
8d257dfbca473eee4d6c59e212058ffe95007e40

SHA256
be8beab192d7149b0dec542074dd8d00060f4c6cb7326be573d4b902a367682a

SHA512
cd4d84d4a60d5b31cd85efadb297d520c84da8f01992b442011ed5bfb602b7aed4d7c58eba7c7a529be71ed42fbdc505ab647da7ab5dd99954eed0f46b687996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c0275d8c90dd0a37c31709c0129d0b64

SHA1
ad6f68081769755fa156be618a699da4cbd972be

SHA256
1bb492733176046bab3c98f753b33f8ae838d6ef1c00db13fd0ad293d1c4cd4e

SHA512
f058141fb66685d42293bffc331a552e238c54b453f1090e0a7fa57bc0da0407bc31cde888811efa83aa56816f76c784575851a5d227d624d1da2d21c497bbeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
43997544e41ce2e943d7c9d8214499e4

SHA1
de9ffd73077748e817c034f119b28791ce8e045b

SHA256
9f8fe6ff9b335ae01354d05b2ae47a249e199e5f593e4b8082d4ccda1dffc305

SHA512
1ac3dd60aeae09498c53b48e7f61c54ed4a9c10e6fd68e99709bfa49da2555ad0eb52c1a2b1bd0f91ce0618333ab053b6e4d865f8cc3f1ef53738221edd3290b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0ac51e78006608f36ca81bd92fd693b9

SHA1
02b9da9ad662559b22bdfcdca1c1b07fe041be5a

SHA256
e7bc4bfcd6a34a738491b5fb80d32e6be684ccbc07e88d119096b913799fb689

SHA512
b595c297b766b1b523f21ea1659da590fefa5112035db5bc963d1bcdb85c10b52f5bbc9d1e8fe4b247eb8ccb05ec39474dd9c578f6db05710414712ccb771b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8998bbf35a69523754122f464148f531

SHA1
7a623681ad7b495e180e08c5004ebba5ba76aefd

SHA256
48bc2537ecfe1d2b5f0cfe0a2112f1a678ce868d2260e5eaec0fcadc0660a43c

SHA512
7cb3d9fe29b75647a748d93e52f92fd23bc2b119b49105c60b71534bc4a89071f5f5d76d90e570440a2e18cff8dacc05fe4b9881698465365b77c67b01b8a903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
34b7997fb6435395f034a84c168dd751

SHA1
97255023bb3f4a35a55c01e047d99c7c97849872

SHA256
18863254fc93ed31b0ddb930ab6c42209b52b9dfc9914941502d0d3ac60b6cd6

SHA512
469da39c144d38332d28b3ef52d3797b02202ca4c02dbd14c64623256255c8f192fb1e9eba3da06e6cf0504a00352eaf136b4569f8f4c0f85cdb9d9b22413fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c3a8972d020d5dcb1ebcf8f704282b3

SHA1
06d139fcf6b5d110d95b0d57b1053c54e20c87c6

SHA256
5f2291e63a7e75447f933d72aa7f6ccb710bd6023e1131456e4333a743350d0f

SHA512
f5c6b7c483ed6831f200be6043ec712aed517e5e79ded0dc482c97e60d254292a285b1ea2f69940a66e00257fc78793f5d9166463eece41f0b2c5b3b23950208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1c176d2d5b67f8bfcd836fda06ced3db

SHA1
732a6aa177ce1fbbc1766fd60656702d431fd9bf

SHA256
d4cf7e96418f30788706388b0a8e34e548dedbf57617510ecfdca14bb27c0e02

SHA512
c51797b0e6da2ed6366a6300e247d666a7ed1a0d5e87c2754a7f7ff412f68234d884c9c0a9a66bcf0dbfece30e254a4a12e6ef6845cbd9419da0ba103ac72c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
07643804c24a92a9a8552cdec082628d

SHA1
a1137d160c7b414d8ed3228fdf94b16ae2ddf384

SHA256
e7d365bb52dad60e9cbdc1352515c7000a06f25839e9e0002383335c8661d120

SHA512
7aea5e889e3a5d58675ff297c840117866309fca1fa911769c2f8114f5d476afdaf6d4c103ca5a283db19a9ce31005463413b4f85e93992c5548b530aa53f587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eba362e569e7b2935d6437f5380d5eb4

SHA1
8ba38aa7dd8d20a7761fce16ce6c1407823b9a87

SHA256
5f92c9160e587a22bcd4ed1014de717599d01802da764a015b4504caa4904b38

SHA512
53c4b662de1ed699ba567c327b6495bea8d7f21fab3a9a8abc9a3ff858da7a377b3cc4cbf3fb6d3158f635a4bae26c52d8b6570ae0b0024efbd576480683192d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1235519e5c51f75ebbdaf7de651ebf05

SHA1
f11b41b8619ca591a0f3b1840073a48b0d094018

SHA256
b70697883ac92f2c889ddd574ac10bd6fbb322ac9d502bf7aee5055c7951cbc0

SHA512
6b99edeceb0117d7071c7b5e56a07a68e709c139eba3877b90f4b88bf614917d83f9e4eb0b242a3ac1dcb7d8e9141e06bfdcc4344d538aadcba2fc639b069650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e17ed8996ccf28bbf56c5cb704ea41e6

SHA1
d2942755dcb224b7f3cd461ad0b81284da1a1a50

SHA256
1391972869ca3577c7361d83dd45b5027ab360858953f54cafefaad60fd845d1

SHA512
ea7b977debaa4d88731a041bc1328cf9d3c71a50224491310a9b52c9aff7bee9273a11ff66a802fa1020a916f10847595f9958660cb890ef4e33d8dab0760326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
31defb4ec46f60341cabb459424f3173

SHA1
e8ad03347d8c83a4e3ee521040760d5682cf6315

SHA256
51fe094ef6cd47286e08244b824dfe004a3477f8ca2908cbd4b961ba8c919f8f

SHA512
13a63eda3945a171f2deb967969c5c8a846906c75afe843ef105eecc0eb954fd16dd9ecc5cd196cf4f7605a2d0b0aef5885178d61bf29e3cd4365d55518ce54f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ba73fa810409111bd924622b158305de

SHA1
35126106f3239739bc512cf5e814e3ca3e9536a5

SHA256
f11f0739751d618c86e902a488fd46842f6801b2d01a6cf4907ff6a7d5cbab58

SHA512
f4a8d696c4c1c4d37dc02a1dff72767530152d20af54c6aa06338d3362e97d6732be9b8d161580b3e97854afb0826eb2e331b8aac39a3f5cb4d65a7598f787c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fa6f01de32b44cc707381710925c3405

SHA1
398518ffe4ee15a0cbce4a6802018204727880de

SHA256
0ecd0331f5e61373554e50bef2c57af37b60db2d6bf22c866c8c9c892c091044

SHA512
5a8324aa26d2eec74f86e4137478709d3dd79ae7c07ef3f64b2616f764210c5714cc2d9962685f3c2a6b13b750ec05680979875a1381adc93d354c3f35c0447a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e093f4f265327f8f694372bdec5cbfaa

SHA1
4ecf55dfd6dbe9610204333f08bdbb209e161907

SHA256
60e935b9c30c28a41a86adb09177c2b66305a35755f6b602429b7b81f38e7640

SHA512
3e1188eaae801866b2f1955200e01fc99a5279051f326fbb0d53f512592b2274364d4250c0b8f2116bcccc47f6e8eeb5d5d6b2bccf822ad6c199c6828961c77b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d4be73466aa23c539f3ae2576a0990da

SHA1
f6d6af241439d07a4db53e812ab80116ab76be32

SHA256
3c3b3e1a42b31039fb51525cca87a9666b15dab6ea19c0c47b8a3805fa274afd

SHA512
6311235685546d10d6557fe074b7119b865fb3d0c5e36b1a097c62a2de428b4f41478a6f6df02120d610425deef7e15029903eb3ca66823d759fc26135f4d329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ead0211fa9d783bc96536159f659c60f

SHA1
ae83dc4d9ae684cde66df2b1ea3377febe98d065

SHA256
d1d366f2c51f456d3916052d3a8dd1df13e3dcdd006693e36f3644b13c0a1b1e

SHA512
e77c93db0e15229aac1beb83f38d11c43fda6705f4226ba799ac197a48f96d5ce633d81afacfc7391dd48b72387c8725dea1d3d166e5bbd10505835377d4c3ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
27d9c7ce042579414078e79f282a8c5b

SHA1
fe75f5a28cb9e73e48c37495dbbf6aa54f7fc598

SHA256
f9417c2ef847b5071d45eff693d86f55ad50de85e1e4e6ef9e0c48086559bd44

SHA512
a9b7ae3a474c4f2cd0bab08a49b86b5318871a43108798b951dfa3198368bce1f5cde6125aba3f4bfe0e5b76fea4f668c7a085e4904f4dad75f2e6c0dfeef4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b88f2b75875fa308f54e37e01347d9af

SHA1
5e5f0f5fb20a3d47b9d37d66c9502453bcbe6e28

SHA256
9676f0ef03a8755e93f7c63936f14fbf350196ea0625bb0704743d80f3040c69

SHA512
46b6cfdfdfbab71ea48c5399d4d99403e69d4f42ea40a587f493329092a4974bf08f26aca9487996ddc115b5763752143207c65c723f51805c46b3ee33f7b9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9a294208a896a78c3def3b2ce1bb6c8b

SHA1
70729b109dbd4d3cb5bf06bd7d581af285732877

SHA256
31564a4f392f3de713974581346270a1ed9cc13076d4c57da7d66bb042b440c9

SHA512
852448ea3010568e17b684a07b7dd43588668b44e51aa75273248afd2e2cd2a1aa6a831c7a8103620bc45ea83fdd0a3844d8500b6455b0f9922057f5558b1cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1ac5cec55f4dcc68ae04b3a5adcc2f28

SHA1
0947568630dedf84562cf12f1e2481155d17adb8

SHA256
b3f6f29d9d63c152b7e224f0ffcb539cd793bfbe742e64c75aea85dbf1f3d3a1

SHA512
6dab8eb9fa1ff79d8bf2b7ca68b93f65fc4dfebbe0caa01aca1720077551648f106555291518b7238e7363c09815c4d4c0ba20f38074659afee28793baf5ba3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
153b41473c00ac0a67ffb8bc02d56e55

SHA1
d82bc37bcb97a6c3f706ab0bc147d46fd5ee04cc

SHA256
88f32871088a2c9e5e0fea4fe661757084afc8949988573830280d94a040beb2

SHA512
3ab6a4fe876f02d183370337219ccd179a0d75fc57dc1c59be693d4418d406bc26c766cf36cfc9dac3587d09e6eb3c39dc60fabeea5f71d68773941563d9d0ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0334c6656faf68502986d44f93565920

SHA1
db8346a81b032ea2f2a1cd060076c3ca60821a2d

SHA256
e06d648293a09375ab7c4a864599132f3b0b986107375df2159353838369e5cd

SHA512
f11e2bbee1037122b981a6b0291620d0d45e54168ab71a7e3970e0ed7ee5874b631fb9815c870cfa0b2e4d8549d8f76dcec0529ec987cf0343497216aebf8cff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d382eb91d96f2805bceebc730e17d005

SHA1
3c841bf161d1e130e001aa8fcfb30131c4bda4b6

SHA256
cdf57756f94914ad9134e15078139d71217765d5c6761e2cee7279d44349eab7

SHA512
3cea11b37c03359977bbb0efe61501fc9121d5b454eebd0e1815a869185af2478cac70de4a0c004e50fb46833e92b0f09ff0cdf7b2379c4de25e27c77313ea61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
51ded584695d761aa6ed216ff2c3417d

SHA1
4dda41062d317c1814b30dd61ecde5097334b340

SHA256
1182bc07b24f3d5d354ecb4a8ec7e1a701593cda54b6853c2cbe181b38863826

SHA512
9ce6b0db40a5e6da1589d547dce9e1f0592eafe720a245f75e56d69d96b3a2595e351120dacd0fea6f13eb83ced99698770498d38bae25a79015d21bf06f8045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
636cc6614fd3e6f07f626eef6da7b027

SHA1
4442c160a848daaf6916c3bb2919761464a121fb

SHA256
357c068425c65448af75e9406e7cd1deafddacb8698713df0a06d7601d13673d

SHA512
50f24074994da713a1de33eefc690df8360836052ae1e4a16aecbc3324e48da52c13cff134611391f287b191e07b92670538261fff9b5002997da43f88d12562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
4f54ef8e798d4820699ebb2c3ccc2fbe

SHA1
55a65dc9e19eaa89dff2e7d7483c2cb54aaa3d5f

SHA256
972148b6245b5399293c52a3472a4a540663b50bc7ae55a7a936649cdbc2d8cd

SHA512
9997341299a4277154e18daca77e9b173f2df7678fc787a887c10e36d8ff85ccf9c6c45f5802c42c64a0ca3cfc984c4076a4b0ede5ea9fe4bb52a9409282e705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
8bfaf88d906d52b63ef8014cfee34882

SHA1
e2c25d948eca5048ddce5819d33fef361c752606

SHA256
449917f2019f7929f6122186679de4d2d2d3d901beb9d6f8b2bf43a9a41d4fcd

SHA512
054d7a887c102452c13ae8ba828d12561ac4deb980fd881bae3c5361a863426d9bc6b334588d1885c6c8b96ad5e2d8b42fa8811aac4a2b2f4acc6bfc417488e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
7d85e2da7e9c187a4cb1e413abe9a513

SHA1
afb985a23b535fce69d5a948339432c0cfc4b6c4

SHA256
2ab2fdef0cb7ed106f49b211ff5405f9035b92d25499fcf4582761259116d6e4

SHA512
27096eeb3b711a6c1ed2769f856fddab87eb0dd78e8f5a6586ac3df62fe4e0ad7cdce35a83956bb74bd05a527c404d3b021b744ce57edbdc674ac17912b03a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe

Filesize
17.4MB

MD5
c3c21fa4c2186deb641455482ab0d3aa

SHA1
2f4b49e8383e073ccb965943ce970de403412567

SHA256
4ea203509d0fdff3e31f976413c546ca3d36133bc708e9a1301860961cc3a8d9

SHA512
31db2963f1bd49f7b4a6ee38e54940d20120d6c05ef7bf34ec97eb93051bee6d5428e9e1271e4ae8f5544b824188ac7278315e2e2c27be302a312eebbf8c3fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\taskhost.exe

Filesize
256KB

MD5
d10a3cfcc08aae3a7234498f213cf89e

SHA1
ccae4469a3a05fcb6e7af33019ca5357e5406dda

SHA256
0da56bd07a486818b7735761001cc1d3ca5af645f369a3c206bcb6719fefff06

SHA512
90a4a68b45113360d732ccac7698c74aa550c05d9883d287b808982800fce1a24abf69cf06b0f017babd647cafd3ca10aa894c59e6dab8ba1ff34c639bdf6427

Download Submit
C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master.zip.crdownload

Filesize
17.3MB

MD5
94aabe33b1c788d3407703b7be909861

SHA1
59b02e42522f06b3128edebf67e369aca31ee39e

SHA256
a901e9357fd930774796430dbfbf9d77a35584b50ab478f69a482bf212f75792

SHA512
62d3e2d361d0f03885747a83c81ca1e1e73dc03a44f88a8cd7975086a0d3205765b86a743eea844a2f7841f0c49d3fb88be999bf41141ed9a086a087228e1f71

Download Submit
C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master\Remcos-Professional-Cracked-By-Alcatraz3222-master\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe

Filesize
17.7MB

MD5
efc159c7cf75545997f8c6af52d3e802

SHA1
b85bd368c91a13db1c5de2326deb25ad666c24c1

SHA256
898ac001d0f6c52c1001c640d9860287fdf30a648d580e9f5dd15e2ef84ab18e

SHA512
d06a432233dceb731defd53238971699fef201d0f9144ee50e5dd7d6620dfdd6c298d52618bf2c9feb0519574f4565fb0177b00fd8292768fbd8b85dd11e650d

Download Submit
C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master\Remcos-Professional-Cracked-By-Alcatraz3222-master\Remcos Professional Cracked By Alcatraz3222\Remcos_Settings.ini

Filesize
881B

MD5
a3468935e33e361cf94f4721ed4cb66d

SHA1
c3b19ca8382534b2179940cabede8c6c952a9c06

SHA256
b374af58c24b6085f64f979dab434643da39d0267a27975f396473327dc98c7d

SHA512
c1caa0b9637a46187d54b2952db204182fad5a5324574949ce4db13bdb17624ccd8b3228eb9b2bcfe5851add2c5d2f586945e7264b1d1cd02d91acf1fd81583a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 695555.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
memory/4524-1438-0x0000000005AC0000-0x0000000006066000-memory.dmp

Filesize
5.6MB

Download
memory/4524-1433-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4524-1439-0x0000000005690000-0x0000000005722000-memory.dmp

Filesize
584KB

Download
memory/4524-1440-0x0000000005650000-0x000000000565A000-memory.dmp

Filesize
40KB

Download
memory/4688-1421-0x00000000030E0000-0x00000000030E1000-memory.dmp

Filesize
4KB

Download
memory/4688-1419-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/4688-1420-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/4688-1418-0x00000000030B0000-0x00000000030B1000-memory.dmp

Filesize
4KB

Download
memory/4688-1422-0x00000000030F0000-0x00000000030F1000-memory.dmp

Filesize
4KB

Download
memory/4688-1423-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/4688-1417-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/4688-1416-0x0000000003070000-0x0000000003071000-memory.dmp

Filesize
4KB

Download
memory/4688-1415-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/6000-1394-0x000000000D580000-0x000000000E702000-memory.dmp

Filesize
17.5MB

Download
memory/6000-1393-0x0000000005E50000-0x0000000005EEC000-memory.dmp

Filesize
624KB

Download
memory/6000-1392-0x00000000002D0000-0x000000000147E000-memory.dmp

Filesize
17.7MB

Download