njrat | d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

max time kernel
429s
max time network
428s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-02-2025 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

dllsys.duckdns.org:3202

Mutex

3b570ffeeb3d34249b9a5ce0ee58a328

Attributes

reg_key
3b570ffeeb3d34249b9a5ce0ee58a328
splitter
svchost

Signatures

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Downloads MZ/PE file 1 IoCs

flow	pid	Process
54	1892	chrome.exe

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4916	netsh.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 9 IoCs

pid	Process
2176	7z2409-x64.exe
4932	7zG.exe
196	Remcos Professional Cracked By Alcatraz3222.exe
4668	taskhost.exe
1208	7zG.exe
3392	7zG.exe
704	Remcos Professional Cracked By Alcatraz3222.exe
2568	Remcos Professional Cracked By Alcatraz3222.exe
1420	taskhost.exe

Loads dropped DLL 3 IoCs

pid	Process
4932	7zG.exe
1208	7zG.exe
3392	7zG.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
38	camo.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
196	Remcos Professional Cracked By Alcatraz3222.exe
2568	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3844 set thread context of 4668	3844	Remcos Professional Cracked By Alcatraz3222.exe	136
PID 704 set thread context of 1420	704	Remcos Professional Cracked By Alcatraz3222.exe	158

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2409-x64.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2409-x64.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Remcos Professional Cracked By Alcatraz3222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Remcos Professional Cracked By Alcatraz3222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Remcos Professional Cracked By Alcatraz3222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Remcos Professional Cracked By Alcatraz3222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1152	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133829752573187919"	chrome.exe

Modifies registry class 22 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe\:Zone.Identifier:$DATA	cmd.exe
File opened for modification	C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master (1).zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3424	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
3844	Remcos Professional Cracked By Alcatraz3222.exe
3844	Remcos Professional Cracked By Alcatraz3222.exe
196	Remcos Professional Cracked By Alcatraz3222.exe
196	Remcos Professional Cracked By Alcatraz3222.exe
196	Remcos Professional Cracked By Alcatraz3222.exe
196	Remcos Professional Cracked By Alcatraz3222.exe
3844	Remcos Professional Cracked By Alcatraz3222.exe
3844	Remcos Professional Cracked By Alcatraz3222.exe
3844	Remcos Professional Cracked By Alcatraz3222.exe
704	Remcos Professional Cracked By Alcatraz3222.exe
2568	Remcos Professional Cracked By Alcatraz3222.exe
2568	Remcos Professional Cracked By Alcatraz3222.exe
2568	Remcos Professional Cracked By Alcatraz3222.exe
2568	Remcos Professional Cracked By Alcatraz3222.exe
704	Remcos Professional Cracked By Alcatraz3222.exe
704	Remcos Professional Cracked By Alcatraz3222.exe
704	Remcos Professional Cracked By Alcatraz3222.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe
4668	taskhost.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4668	taskhost.exe
2568	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
196	Remcos Professional Cracked By Alcatraz3222.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
2568	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2176	7z2409-x64.exe
196	Remcos Professional Cracked By Alcatraz3222.exe
2568	Remcos Professional Cracked By Alcatraz3222.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 3424	4296	cmd.exe	79
PID 4296 wrote to memory of 3424	4296	cmd.exe	79
PID 3408 wrote to memory of 5048	3408	chrome.exe	89
PID 3408 wrote to memory of 5048	3408	chrome.exe	89
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 2536	3408	chrome.exe	90
PID 3408 wrote to memory of 1892	3408	chrome.exe	91
PID 3408 wrote to memory of 1892	3408	chrome.exe	91
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92
PID 3408 wrote to memory of 3212	3408	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9f68cc40,0x7ffd9f68cc4c,0x7ffd9f68cc58
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1772,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3092,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1544
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff67e4e4698,0x7ff67e4e46a4,0x7ff67e4e46b0
    3⤵
    - Drops file in Windows directory
    PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4764,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4368,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5244,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5220,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4820,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3080 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5044,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3312,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4728
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1172,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4404,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5372,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3504,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5848,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6032,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6176,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4272,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5936,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5812,i,15584292454773044114,256509249555897219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1124

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2112

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6951:162:7zEvent9022
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4932

C:\Users\Admin\Documents\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe
"C:\Users\Admin\Documents\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3844
- C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe
  "C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:196
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:/Users/Admin/Documents/Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222.exe" "%temp%\Profile Remcos\Update_Lock_Remcos.exe" /Y
  2⤵
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:4496
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%temp%\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3232
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1208
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c echo [zoneTransfer]ZoneID = 2 > %temp%\Profile Remcos\Update_Lock_Remcos.exe:Zone.Identifier
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3936
- C:\Users\Admin\AppData\Local\Temp\taskhost.exe
  "C:\Users\Admin\AppData\Local\Temp\taskhost.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4668
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\taskhost.exe" "taskhost.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4916

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap19645:166:7zEvent10409
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1208

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Remcos-Professional-Cracked-By-Alcatraz3222-master\" -an -ai#7zMap6348:246:7zEvent28991
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3392

C:\Users\Admin\Desktop\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe
"C:\Users\Admin\Desktop\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:704
- C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe
  "C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2568
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:/Users/Admin/Desktop/Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222.exe" "%temp%\Profile Remcos\Update_Lock_Remcos.exe" /Y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3688
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%temp%\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1428
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2592
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c echo [zoneTransfer]ZoneID = 2 > %temp%\Profile Remcos\Update_Lock_Remcos.exe:Zone.Identifier
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3512
- C:\Users\Admin\AppData\Local\Temp\taskhost.exe
  "C:\Users\Admin\AppData\Local\Temp\taskhost.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1420

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:4724
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
c4aabd70dc28c9516809b775a30fdd3f

SHA1
43804fa264bf00ece1ee23468c309bc1be7c66de

SHA256
882063948d675ee41b5ae68db3e84879350ec81cf88d15b9babf2fa08e332863

SHA512
5a88ec6714c4f78b061aed2f2f9c23e7b69596c1185fcb4b21b4c20c84b262667225cc3f380d6e31a47f54a16dc06e4d6ad82cfca7f499450287164c187cec51

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
696KB

MD5
d882650163a8f79c52e48aa9035bacbb

SHA1
9518c39c71af3cc77d7bbb1381160497778c3429

SHA256
07a6236cd92901b459cd015b05f1eeaf9d36e7b11482fcfd2e81cd9ba4767bff

SHA512
8f4604d086bf79dc8f4ad26db2a3af6f724cc683fae2210b1e9e2adf074aad5b11f583af3c30088e5c186e8890f8ddcf32477130d1435c6837457cf6ddaa7ca1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a4c12dfb3bc8520ec751cd48049ae9d5

SHA1
7120238b8f42c947f94bd6cab66f20ae095b6124

SHA256
2dc5babaf8e20b960944aaaed59acc3e31487838ad120b4e3daff0639fdf8564

SHA512
47d3e00c01f420f0f19b4541d6fe00cb8d3eea1f5c288589fec96bb0e874c1b6968ad0a39948b3a6d71453f6ad2a67576d1d6111170bd355f94fcf1328e66b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e4663f1d669dbf4455626cf230f966d7

SHA1
8f466bf6106227e55277dce6ea9502d17299b28a

SHA256
81958661e3772f5b6cb985b603f717a27528a3d3a21babcc9c1d30ebc3664524

SHA512
cb8b9a914cd0b941496a7eaff4f8d8bbe0b7c8dfdd68ba5c1c333e9fb0f968ffd615f965ab9309256bdc49e5c9ba6b2b27f36615f94cef25452c6f8e7db4278f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
54c997e13a2e809c10a7cd2240e9eec7

SHA1
9dd2c23ac665db02810eb5567a5f37557bf95fd5

SHA256
39e39dfb6c47ffad332eec3fb4d85698d4d656a725418701e922e0be76413f99

SHA512
26dacfeef422c8be8b8c204d33191f5a4b047cfe887466853ed599da1217496c7f8ef4cf70856e6f7c53fb8f0a1b43e02a0f4f896d5440dd8a8ef249017f6e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
17687a95046056f162c9b23d3fc052b9

SHA1
87b9f2aef7750e6c998f8f0fda974da14e106078

SHA256
fc36d5d85925b861e3074f15214671145d6d437b4f3626b4fa616e4c4e6a1bfd

SHA512
1ac5d96af7d081a455a3642077a02c0d5ea4fa23ea5d01d5c46aacb92ec98917325a89b6ac6b22c3ba1ad8c1c9d2e77254dc409ef638093bfb49bf27ee42b28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
2155f2e3715f20bbe2c4b2ef9593400e

SHA1
b73d612406233396b9dcb3cb8e0c380831b356b5

SHA256
e1e14999fec1efabf1ac1e5a1b20b1ed70d713cd32f148fc4509b82e8bd429a6

SHA512
1552ddaf18da4184eff157e57608133ad9b2c2ed52aedf8b6d8390a535f2cbbfa00fc3a21a46ee4a5c99f6ce5c3eb83456a984fcb1c8271268c86a70cb291aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8ccbd0a5d33f4562da6afee452b85866

SHA1
a99d7b7c5e0957b0d86ae1ac9cbdbb169e03cd3d

SHA256
b8f6b587b9601ecbce4a01fba351e5adc0faf614e9af4869d77ab73c915257b4

SHA512
8b9a3420897a3d5827d0f38c42718a0c95d41eb159bd13d2adba52b880bbf56ba2df1d40043d11fff3a6ea1e71edf4cb812162cdbcace0062f96527cf9bca5f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f75a0567d3ef4a023b7a24fc6cfe5e4a

SHA1
a893a09871e39712cac00811fe264b2003913d41

SHA256
e6eeadfed44c709f50a9fa7a69eedd1b8ba2a62220a4add104e130b30f8fac84

SHA512
a9debbb8678f2c9dad91545da8ed7dd22aba689b817447150957eb189ef67a2185ee45833a2ad07b36f7f72f328c328dd423b50ac26242be65524fa11af1ebeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
36327626e64631926aad88d50122972c

SHA1
cda9e9b361591d39e246eeca9651d308a3e6b068

SHA256
31335f76af7e068c26ae3c8ed59cf42bfafc52839e7b35ed2df028b304fab8e1

SHA512
93a1b7823cf51840812c6c8fba96fcd6776f698a2fc08b4899a3c029dc9ce17c6142a90ce5210e82bc3946d157499402da3b8cd0d7cfcf14cdbd761f478c3b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
fcbff71e80f01f65aa197f3d843bb75d

SHA1
7fd6e182e8854e47b53adb8944373162761e20db

SHA256
7b1026d5548bee698eaf6d919f72a4a3f61e8d2397b85e4640d5d4833f581c7f

SHA512
4167f69b9a35bb229957e9f9fe2adcef2aae4612e1ec58e98f43e0e65a128c00144cee0e33f01656f4340f9c972ac86a96c1289f83cd1607dcccbc8bb0fd6138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc0f10a565374e7d36d8f7b9258f5ba0

SHA1
a670839f995e1c80f302559f5382521b298621cd

SHA256
123ed8591681b8547d964b3ed6f9cacc0c016c360700bcc412aa83e9b8d3a050

SHA512
0ba0929e355d05242e84dc1c389edb4e953c7ed275c41f2c83cefc33f01f956f2ea0b6bdb00649a90f68d32ccf06079a8c5b01a32ba08a88a4fe591b19b43b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
906c511c7d779584bb8a0f46c1b93775

SHA1
792165cff9b756c34bb25a920be6fc1d172a00ff

SHA256
00d00bddcaad8add7ae9b4ae7d9097214079129ba51006f7bd41e12c5eda4c9c

SHA512
653e90b7cfe17f8bb0a0322006b9cec6a83be8de1fd2693646a3ff88c557e4f53702e6a85350262a6b6fa45be14e3d8fe74e14fa88d0095f95b7ad92db9c3568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
453270267340dbb6740b8a3c0107257c

SHA1
4ae58a1596199ec813d7e64cd27b993e6bf8c4b8

SHA256
509765a72460606654658760bcb848b6167bf5c10b3636af9d5e873eb3452ba0

SHA512
5ca60b80720c5d7b1771b8cc261de6cdce8a873fa7303d3966376c3ccdac027e163ee64c9d3616733000c637e163beba947ab6f9b81b0a660cae916834f65868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e9249d2f75f46b4d6973c1b05e664c79

SHA1
a7944f609f0acffaf4d417bf47b3bbeabab2e68c

SHA256
279b59bbf5572bb31f3e018a2ba2ee135ccb4775e827b517811c2d91b0f6a830

SHA512
2ef3c643862d69f561d6cc7d44b8eecdaa173443173d07cf1cf101472b73648cdc0870a50242c3b1aa5f2823e9a8546154ddf746ac3b057f637f8506e21f9292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba64920b33a068fbdf956ab07316ed9c

SHA1
e378ce1f989aebe8817bea3bdd883a261dc5cfed

SHA256
0d359f91ffbbe3dc02ddccc36eff22f81c127b1ea05b60a4074c4209386c79c7

SHA512
9d0c326cea4530ac0953a700c1c7b6d0d0205ff1d80d925307305c21d79b09109b6e171817293b6631bcc7b2c59b68b5979960a1a56687026ebdc301e7caa2a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
233d5d2ef1c58298af275868141bb333

SHA1
13b78a021af091fe14aee93cb3a448f6e70c96f8

SHA256
977b3f86bf889bae51f67fd9276126090f14b47c8a370fddea26cdcc7fc02e0f

SHA512
074276faabc1ee26c60055da67f444d32da125190d4b2336a86083c54208cfbf0db36307b0483c3ea57183e9117e842ef4a3e69b1af061976801abadd6f5b856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb97ea59a9f2be467fa57fe40d9fa49d

SHA1
1e51d4f96a98325272bdf59210c21b0255b44f6d

SHA256
d8feaeca9f30ea4f5cb95f060dfd99f6c176a87b2e01098df5fe333f656debb2

SHA512
341383874c99fac9de0506921424cac0ea2b5f2d7552951553c2fdeda9e0fbc9e1d2f62984c4dfc0abd0cd1fd15fdef39b0480ed64e7093d553063d32ea4427b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d19b5d47b774de07a7915b8cfb48efa

SHA1
3ac01ac98dd07c27b57a091dfa04824c2e3de8f2

SHA256
fcfdf85211c6c0b6d2217a44026216f1576346b88da9f07e9f49f53accdd2a5a

SHA512
10c0203d35343075ab15c19092a5e5bb84fdcd9776eb9ea6db89946e2f8c2be68d16c48089f5977bd18a6eafc7f3f5214d49fbf59530b09ea4416b51aad1731e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d894958b5a9797ab9455f70d424d8ec4

SHA1
6b3b8454837c02523d44aa01a31b0082d5339c95

SHA256
e924edd3349565a979deb28982add67c0e2144791ea15f24d559f7794ee834c6

SHA512
a9f9e57f017088b288fe7101f7232ec6c124851a7bd9f6c96b364a9d31802a03fc9b2790a1685f9449757583ae79ab3330b8549953e2454c75e9a2ac09591e69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15a3029283fdc83e512c729bca9b2958

SHA1
50ec2832e8d8bebcddc5af5205f1564d74dde186

SHA256
0d90756b23d4e004aaa4f85d2d251af8b3075ce240d78b11ad96aaa108583591

SHA512
346b8d933acec9b997317e0ca5f3874f198afe10f3b67b24b4b7b2d72da83fd9c43a3228b83507bd59a95ef5cfaa9563b29d572711a7b55e888a0d3f2a7997eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2e9f9ae232acaf588d7e50b555cb05b

SHA1
a8d3131ada393df13ad5597bfab9d29c45b0102d

SHA256
731939e8be075b3083ca5ebea889c5bca37e3d3f2884af79151147bbb204c398

SHA512
6b66c17a2ce236cc288582d35be3c08a180d7bf85b35449f79d76c552914d6a1949c51e2ebc5fa84ed9b2c8096ca6ca4d46cb4d8a375e5ff1f04d2fec35edd66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9384893b6a723395a2397e0820bf3f65

SHA1
076fa6d3cfb7e85682d804a9aaaccb57ecd1de10

SHA256
3d00fb849018dafe574818c18bddd1d53ad35a45e304899542ce569bf26fb606

SHA512
70c9fad95208bf31879abb6143751f2777838e1c9a1cb96f4f08798636678307ad9f64f014260e338eab5aa0563fea6ecb919720877c5973807aa31f865fffa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0ea30fdcbeefa0a150b8e48fbb3b1ca5

SHA1
5ca9b6163cd0a8e401a0d703569ee31a028ee3d7

SHA256
f1ce37080cfcad9f41fa1eb976e79ca37726da4d9d072b40144c708db0b90904

SHA512
53c906a60b18fea65e9b4a8634ba4f2ddd5b7aefd177cdc8006ac7ee2ee94c8e17a65ce3b4107cee28a2d9d876c77eb29e4bf37754992497080a223ee1c98bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5d3544f2a0f6ef713c2fd43e65e01979

SHA1
5901bb3a687cfd33d27ff194e7ae2cd65f57d64d

SHA256
7df986ecbf5872e0a93adf8a226dad4d15785a339dc02126db4251c1f25bd1d4

SHA512
9e5ea48330fd73e417412da4457927e259fc06abd434cf3cf667f71c21f8882b25392eacd93d3fc022088024bcee38f822473938ffa0a92ff788b8b74e030315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0372ec3cad746f1976cede1f79f3306

SHA1
32d02c3986b6d1aa4aa1555a18af862d2225a633

SHA256
1b8292501345b37e4c7a8b297c1a94e1e7bb8a4e7e0ac392e735671131b76b95

SHA512
0d8aabffae91f21277deb1f785537d8eb1907c618c823ad9a35364ff69b70c22a332703f930a1b14fecd547d37cf0656cb386c9af3619d3b89ceabdbe72d2452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3847f3e57bb8d8ae08a22eab34a8c751

SHA1
16b5ae9ac921b22589673d894fba241497d463f5

SHA256
df10ea33630fdded58d67e272bf9ee2264cfa8eccb435f65d0e46673bdce60e3

SHA512
91329af6d632d5676a100e13a93b323e5d1c18c9602128d036cdc7ca8b611659e4fb42a54a967d5cadfedc54197cd3ce6d4dd0a2a5d124a213cbbb9cca73db4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f529738e09397648e67c7a2f5814215

SHA1
22fc087d5e7912bc855b0f1cafe67b04bff74bc9

SHA256
395c58954167d7da2b749637242312d221d509fec03ba728aa6521270b1652a0

SHA512
7ef38f77048e7b84432521a2fed84ac1e383d038364efb176c1e85510370fe4d6a75561dceab9d6cf72a21e71ffc1e5a94fd33f6ef8acda050fe1845d1250caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3d25e537216ce7ac71f00a5752c5582d

SHA1
1cf0cbfcd199e63c8dc4aae76e459b4dd2bbc0d4

SHA256
70f9db927cfb76d98476de486a839168742698357c5b60db6828a39291f0a29f

SHA512
d97ba8ce4f3ecddd2beee63f23bc5ad6b855346372e6b823b28af7aa779f2629ae12cc9d704345ffcc8d3117385baac59b8970f41c5261557a9df80092ff3441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e7942d2bf0cc55181c0e4796d9a13b3

SHA1
71d85bd709a9b735bd320a76fb192464d2914e0d

SHA256
1570cff4f599a66740a20118c7d2d8aec70627bb7ecfec8959da4e862e787f6f

SHA512
3c513318128b0bb687afbee7f7080d23ceaca87a52861d9726188f3a1e139bc6f92cdedeadc24d8d6181b9e69b5408ce8f36f06271c08c480527d3247ceb38b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
253bbd7f8660701a2e503edd9cfbd6bc

SHA1
fa96290e79d75066c2071346e2f23588e44d8087

SHA256
cfd3b734737cf9fe3d5e2b69c037e2b568c3ed05f26517a0f7ba1ead6a7794db

SHA512
4ebf3c3ff21b0fdbcd62bc47c07b1bd5bfe9ccef77b5b143eaca5bcdfa132d095b30a808469e983ab56ffb6f37210caeabc85004a71588f9b007884646bc3f82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
25460eb303cb4d6e58a9ad1c1581f81d

SHA1
e707b7193694b9c1140be887c80c9d9512be46d4

SHA256
029ed59c65d07eb7cb16f9ec4aa2860b369d542c40b5ced030f6907b42acab5f

SHA512
f0ff6d760c22b9ef5bd7d8b0afff263ab66636228c01013cd86e7d2f04314c5febeae4ab87c3abb84d3cd7d3c1354296b39403012a336f5c94de2b4b978d0e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ba832701d1672925aff8e8f005882220

SHA1
7c56931e2b1bd1c77c32bcdad0686d398e03351b

SHA256
a88653bfc2ca8005cb747507b775cc730735f76738c822072c61c235b7b153f5

SHA512
cd5296755431f461f60ec0e4557f15569e24162e1bb89ccaaa2f062f36d231c1fba85fe28181f6f287d922d1cbfe877febad2be583b80a56cac4120d8a845d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab1574b99f00cdf1db1f846bf10fa24f

SHA1
84b01c0bc1767cc2c14cad45ca33ee1616f7ba17

SHA256
2ea0fc7df334380e30fcae81e11a6dddbd04528edb8596e54be7cd34acf3e399

SHA512
578280e957134cd8f9afc9ac8ce23623eac0523f50f308fffd0fdfe77baa38e7f0df137d955a1609dddc384e642662908228ecd4ea7f03626b9c59ef0b281157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dad299dd2fc0c365bc7cf6f071e4daff

SHA1
ae77a9a514e96a97890d7cc0733458105dfdba64

SHA256
c0bb6da0092e76fed4eed0c375fa5e477035edcc9a2259ca859826cd8da4aeb6

SHA512
ccd367c56e9d1141dc8534770e754e66b99ab1694d2719a1a377ce11768093750e235a1623f44945887923bdc7db1f261e05daf7bb15a1c02e55bb4f63e2c1e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b86bff7a869170124f286cf5c49af05b

SHA1
aeccb09b4ac5cda2bf4418f7e0318792db20833b

SHA256
904e6f4bd5f7453ae9049efcd765c3adb5f3a2786d16d10e81a2183ec054cdb1

SHA512
edeb162b616b62bb653c080e8e4e003220ce16805e2599f8c27d3867cf380cb92871e214b419700ef1670bf899e4fc2a807f99cf2bfe4e1f3d8efb6b15cddee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1a99bf919d2b51a23489db8c6250e4c5

SHA1
d0f885bc17749e9121756748c861c94fd04f01b0

SHA256
f1f6e5429cd9ba340558e5c4f318087a49d045247b4c98067fd059d77d27832e

SHA512
d1cc097eb618afe6e4c61deef50592d8195c6f4e04f8659507d1e31a65ed533385d787f8457151562d4cd7c0ac4311590700499d95369c2d6e0c133e753e67ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8726115de8f36f97faa0bf63269b113f

SHA1
bb62cb2d3e39bc45e975614d2a1b7277d8de4abf

SHA256
ba11a5e7349adfe4df5482ff8ab1423460a089c4ac2991bb57b3e449e7596113

SHA512
1acdeeafc4a56908085acf2e51194e67f0bfc87809f110b6a2f377599a55bfc1cc75bce67f2b67bcf544398e425bf0dd7262bab2b390c1210e12e1035f52011e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba349091a87dca0b6c281207595469b3

SHA1
81ea6ff2025ed665d1691a680de549e57990179f

SHA256
88e2ed590e0f626fe10a265004553a8847a84e399fce851d1b5e9e900f3827f3

SHA512
11899252522f95364e15ffbc6a3855abefb5f16c056777439abdbe9175112254a2a2d74550f4deda35e43c26c02316fdcb64c97e7e970476d0509655c6af9ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
345750500f30087bd677cda462cdc033

SHA1
806ff7a5da8089082369ad05098640bf59ee9ce6

SHA256
7f55dc0d38f158176a8521bf70a3d611bae2fe21b1644381ce06a73971a22a46

SHA512
25e5fe4d714199d4ec08ac1c00f7c5a1f7e19edf129ea11fd9b5d70713e5b6bb4202dd9336e100a52b7bad4925fd1a28e04c31f801faad30a35c2e1e286d5dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9151da65dd7744b0a28c82c6f514cc81

SHA1
a49eaa88aedf5e32d8e6e407cbef596a518c93ae

SHA256
9c6cd44fea1c939c32d4401f5de650a7cef24f777b8bac602f08d0ddb4cab37a

SHA512
a699cc7829814338fbd368eb7d51d913cac7eb4368025c9b2d0a762f24230a990fabace34076835a5b98f1d70846833a71f57d361e28cf7ce0731efd5d42e9af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4d7c35c2501e13d1cbb0f38ca3bc5ee7

SHA1
44bba59fc4a5d17325748797d27f63b8ce1fd077

SHA256
e182fd30efc4d3d5b5365b56535f63f6c7b2cbe2e94fad712dbbf9f841487b8c

SHA512
6546be2cacbb38d046381860d0e8adfaf2034ab746a17bd45a2c51c5b86a6bc7025f517eab2c1fc86266c2e41088f67ad9ba0c457a827d50d4a094bf7a5a6b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
917cf721e009342bfa12d55b6145ab06

SHA1
f149aad71fb716e9de5cc7f22e7ccc2f382f17e4

SHA256
c2c5fe5ede62ade056f79a92cd9a386387399d11c00c0b067f309c1ab208ae8f

SHA512
dde62877de2fa02a0661dd18aae9f36b50195124dbb8f76039437c93b41bbe1d89fb8d905d90df5b2b327dca8131d794bfd9a5f2fc2a031de6fe84e66d54c33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
f7c402563e878a872eba7c4d6c10f032

SHA1
4f4d1252315ae2556dbb6161344364e665c161a1

SHA256
802f03455be1787c60ad247d0be0e2cda7d915f84a137d5be8357917937a0c28

SHA512
b5465650ad89b00b5c1f295ac0080203def63d4e5333d417e6897c1174fc340dbc4e45559b395c8fade66210dcac4a751f95d4e04bd726009293e3a37bbb4d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
3f05a6ee09e10d92b67cc1106d241721

SHA1
58c58183eb3d86d5968d804d32a7825dda9fc923

SHA256
092afbf26f149294162bc96fd58a00fecde5a4616c60e458e522e7ec1156b9e3

SHA512
a80387169b0bd4a8241dea1698804168de0c534cf8488a411395dffef436a720c5251151aab3a006f1c25f8abec5c36e433e428411cbd201f8c6458acac04e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
422fcc16b8ee883dc03d9a763f274393

SHA1
a98f0d7c0e409d4f9c4907550afa0c5d34da36dd

SHA256
1d06fea866a4902870ce8c5acfbb6998ad8efc7189ad2c6f342503ba9fd8dfe3

SHA512
61e3ebb4387628fdbb20aa5cf5708f03c462cbc2d2bf2c4ea23f2ce366beb37793b3d36c5acc4e5d4b1690ee1f4a8c1bd614cde4893b16127ae40c51507f06ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
9d070c0c65faeabf02ccd8af9e27954b

SHA1
6aea08eb22462aedea805cc2d26be3d3f64280c0

SHA256
ce3553f43b5ca723fa71f1a590c8c6eb0bb0b33cee7ef7269f5df7067a2cd96e

SHA512
43457b663ee7741b96d7b14007301c5d96b59743cff7fb137beff7d5461ddbe6b9e90ef8d2810f30d6e5d31ce757040fdb9a4752931c961904369e2cdd7112f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
da991d5b3924248a777af93aa2a09ec1

SHA1
4c04acf0c15bee48c682ee3a30bc9ce6c2421f41

SHA256
0fb6f792e42d1ba350a1fda3444b9bff95799027a912c6dfc007fbe41882e219

SHA512
6b25b0832f32b705d17bff38737092fe73fb6b4b4d5f3e6e99820ae42b7fe8859bb91d86b220326625cb8b7bdd18bb9cb93f90d35b33f816c2772828dc6cfd42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Remcos Professional Cracked By Alcatraz3222.exe.log

Filesize
522B

MD5
04e57f032fed9fe38ead2610e0bbdee5

SHA1
cda5084ea7200cab586876fe32b5ee8f97f79c54

SHA256
350261a6a7833f6458afb68e269a81535688c206effdd060a7c5faf4722f92f2

SHA512
337086831d262add581747af302f9e5b4976ffb38115163285413d19c13e7fc87c813ddfc752f864218cbed0756f61805d3c1666e78da13b20541e1494692884

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile

Filesize
73B

MD5
1a32b94bd8d51df35d766b6affdfacfc

SHA1
b35ba7f44b350dd9e86c74acfc722ee7373b77ee

SHA256
3d464700f406245d63409c36aae1504dd9fb63c784cbf7ae8957052068213937

SHA512
9f31cb9b0972efab2ba566acd10e0355acb316b49a8cdb5c3b0787cba9f97670ea592e385182fe143f54a2effb565c1f78083223bc4600cd961bbffc8f01d3bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe

Filesize
17.7MB

MD5
efc159c7cf75545997f8c6af52d3e802

SHA1
b85bd368c91a13db1c5de2326deb25ad666c24c1

SHA256
898ac001d0f6c52c1001c640d9860287fdf30a648d580e9f5dd15e2ef84ab18e

SHA512
d06a432233dceb731defd53238971699fef201d0f9144ee50e5dd7d6620dfdd6c298d52618bf2c9feb0519574f4565fb0177b00fd8292768fbd8b85dd11e650d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe.bat

Filesize
229B

MD5
c705d9d9732e434b429505ac8405154a

SHA1
9d7e3903a2c2ed2ae118982c2ef2bdc9a2c7f85c

SHA256
461ca01730541f5405a76bce0a9d7b2314f8104eb0402104f1e80439c3ab4091

SHA512
d511a1d264f75e7f9ce0efc7e6fd4ebeefd2e90858b4dbba80b25831f8ef51af95b4b1434fc5a558e8564d6aacd89a7f961eae05572e81feacee8898a4dc5416

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe.lnk

Filesize
1KB

MD5
d9c72f8c6dbf63094f22203fb22b6595

SHA1
c839a36f2bcf71f2fbb36a7cb20223615f8e026a

SHA256
08cf644c62317700f765cf140d84e8883124fb632d7369f572f96225c07d4d6d

SHA512
a38bde6550ce0eae61907f997b3433d3603e9ff25695b755b12fc48bac2eec9c8d83e7eb6db01d6e745cb480a1d7d04c2d976868ecbd2905b2001a3aeb1da2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe

Filesize
17.4MB

MD5
c3c21fa4c2186deb641455482ab0d3aa

SHA1
2f4b49e8383e073ccb965943ce970de403412567

SHA256
4ea203509d0fdff3e31f976413c546ca3d36133bc708e9a1301860961cc3a8d9

SHA512
31db2963f1bd49f7b4a6ee38e54940d20120d6c05ef7bf34ec97eb93051bee6d5428e9e1271e4ae8f5544b824188ac7278315e2e2c27be302a312eebbf8c3fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\taskhost.exe

Filesize
256KB

MD5
d10a3cfcc08aae3a7234498f213cf89e

SHA1
ccae4469a3a05fcb6e7af33019ca5357e5406dda

SHA256
0da56bd07a486818b7735761001cc1d3ca5af645f369a3c206bcb6719fefff06

SHA512
90a4a68b45113360d732ccac7698c74aa550c05d9883d287b808982800fce1a24abf69cf06b0f017babd647cafd3ca10aa894c59e6dab8ba1ff34c639bdf6427

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
9cca899871c4069806f6dccfcd41f36a

SHA1
3527c4f5392f6599b59b611bcd1ab8d262d3acd1

SHA256
976d6f11fb2f808cd775c6b9a0f96884b8e5d0f872848a10bcdb4e7628360088

SHA512
67282bebb1d4aeba09b3bff78431f598b2c72c48d2400af25b70a1845744204a314538fd77573c8633926f836e158b1a18261a16cff5f8eb1a05587df796d5ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
d236e81e2335417ed119bcc423ad9624

SHA1
f06a8ab5c84d1a987bb1c48951bdef6cb1632c61

SHA256
2fa576bd0282ad5018d1c9efe20fcaba0771f1444c8689cff754de711f42c58b

SHA512
d60a5133fa577a5760acfcd14e78cf94f1ef6cdd78f53fba450d2f675867a458d7780e6a5740e5a5e319da81a3ba4829458a83c744f85876154ee8b0db49adcd

Download Submit
C:\Users\Admin\Documents\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222\Remcos_Settings.ini

Filesize
881B

MD5
a3468935e33e361cf94f4721ed4cb66d

SHA1
c3b19ca8382534b2179940cabede8c6c952a9c06

SHA256
b374af58c24b6085f64f979dab434643da39d0267a27975f396473327dc98c7d

SHA512
c1caa0b9637a46187d54b2952db204182fad5a5324574949ce4db13bdb17624ccd8b3228eb9b2bcfe5851add2c5d2f586945e7264b1d1cd02d91acf1fd81583a

Download Submit
C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master.zip

Filesize
17.3MB

MD5
94aabe33b1c788d3407703b7be909861

SHA1
59b02e42522f06b3128edebf67e369aca31ee39e

SHA256
a901e9357fd930774796430dbfbf9d77a35584b50ab478f69a482bf212f75792

SHA512
62d3e2d361d0f03885747a83c81ca1e1e73dc03a44f88a8cd7975086a0d3205765b86a743eea844a2f7841f0c49d3fb88be999bf41141ed9a086a087228e1f71

Download Submit
C:\Users\Admin\Downloads\Remcos-Professional-Cracked-By-Alcatraz3222-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 605527.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
memory/196-1118-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/196-1115-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/196-1114-0x00000000031C0000-0x00000000031C1000-memory.dmp

Filesize
4KB

Download
memory/196-1116-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/196-1113-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/196-1112-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/196-1111-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/196-1110-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/196-1117-0x00000000049A0000-0x00000000049A1000-memory.dmp

Filesize
4KB

Download
memory/2568-1421-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/2568-1424-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/2568-1426-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/2568-1425-0x00000000030B0000-0x00000000030B1000-memory.dmp

Filesize
4KB

Download
memory/2568-1418-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/2568-1419-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/2568-1420-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/2568-1423-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/2568-1422-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/3844-1089-0x000000000D8E0000-0x000000000EA62000-memory.dmp

Filesize
17.5MB

Download
memory/3844-1078-0x0000000000680000-0x000000000182E000-memory.dmp

Filesize
17.7MB

Download
memory/3844-1079-0x0000000006140000-0x00000000061DC000-memory.dmp

Filesize
624KB

Download
memory/4668-1194-0x00000000055B0000-0x00000000055BA000-memory.dmp

Filesize
40KB

Download
memory/4668-1193-0x0000000005640000-0x00000000056D2000-memory.dmp

Filesize
584KB

Download
memory/4668-1142-0x0000000005AD0000-0x0000000006076000-memory.dmp

Filesize
5.6MB

Download
memory/4668-1139-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download