d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

max time kernel
587s
max time network
583s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-02-2025 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

7^/10

discovery execution motw phishing

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1280	remcos_a.exe
1644	remcos_a.exe
728	dddddd.exe
2020	dddddd.exe

Loads dropped DLL 2 IoCs

pid	Process
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
223	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	2660	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4640	1280	WerFault.exe	159
4436	1644	WerFault.exe	163

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Remcos v6.0.0 Light.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	remcos_a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dddddd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dddddd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3764	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31159780"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "591730074"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133829835300601879"	chrome.exe

Modifies registry class 57 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0	Remcos v6.0.0 Light.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	Remcos v6.0.0 Light.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Remcos v6.0.0 Light.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\NodeSlot = "5"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 = 7400310000000000425a7b7b100052454d434f537e312e302d4c0000580009000400efbe425a4d7b425a7b7b2e0000004bab020000001900000000000000000000000000000008b8a000520065006d0063006f0073002d00760036002e0030002e0030002d004c00690067006800740000001c000000	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Remcos v6.0.0 Light.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "6"	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = 00000000ffffffff	Remcos v6.0.0 Light.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Remcos v6.0.0 Light.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	dddddd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = ffffffff	Remcos v6.0.0 Light.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Remcos v6.0.0 Light.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Remcos-v6.0.0-Light.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4632	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe
2020	dddddd.exe
2020	dddddd.exe
2020	dddddd.exe
2020	dddddd.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5992	Remcos v6.0.0 Light.exe
2020	dddddd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
5992	Remcos v6.0.0 Light.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
728	dddddd.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2020	dddddd.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe
5992	Remcos v6.0.0 Light.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 4632	4736	cmd.exe	78
PID 4736 wrote to memory of 4632	4736	cmd.exe	78
PID 2392 wrote to memory of 2068	2392	chrome.exe	82
PID 2392 wrote to memory of 2068	2392	chrome.exe	82
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 5704	2392	chrome.exe	83
PID 2392 wrote to memory of 2660	2392	chrome.exe	84
PID 2392 wrote to memory of 2660	2392	chrome.exe	84
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85
PID 2392 wrote to memory of 2812	2392	chrome.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffa9580cc40,0x7ffa9580cc4c,0x7ffa9580cc58
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3224
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x88,0x250,0x7ff608f64698,0x7ff608f646a4,0x7ff608f646b0
    3⤵
    - Drops file in Windows directory
    PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4768,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3412,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3408,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5276,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4300 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5016,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4636,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4908,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5672,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5680,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3308,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4780,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5912,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5516,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5152,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6156,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6328,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6516,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6636,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6772,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6944,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7108,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7128,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7416,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7560,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7736,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7888,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7856 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8032,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8048,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8328,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8164 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8168,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8608,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8300 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8740,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8616 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8932,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8004 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9028,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9056 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=9188,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8760 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9332,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9344 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9508,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9524 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9628,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9644 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9780,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9796 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9784,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9932 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=10092,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10076 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=10108,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10120 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=10428,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9224 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=10376,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10512 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10100,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10660 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=10228,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10948 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9912,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10792,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10064 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9516,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11000 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=9564,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9524 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=7696,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9560 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=10612,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9856 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=7500,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=10624,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=10552,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=10564,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=10984,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=11008,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10412 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=10864,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9836 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=10224,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10364 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9256,i,18085095191295909255,6487914548273400378,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9264 /prefetch:8
  2⤵
  PID:2804

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5408

C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\Remcos v6.0.0 Light.exe
"C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\Remcos v6.0.0 Light.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5992

C:\Users\Admin\Desktop\remcos_a.exe
"C:\Users\Admin\Desktop\remcos_a.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 568
  2⤵
  - Program crash
  PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1280 -ip 1280
1⤵
PID:3728

C:\Users\Admin\Desktop\remcos_a.exe
"C:\Users\Admin\Desktop\remcos_a.exe"
1⤵
- Executes dropped EXE
PID:1644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 536
  2⤵
  - Program crash
  PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 1644 -ip 1644
1⤵
PID:2036

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:1872
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:3764

C:\Users\Admin\Desktop\dddddd.exe
"C:\Users\Admin\Desktop\dddddd.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SendNotifyMessage
PID:728

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
1⤵
PID:952

C:\Users\Admin\Desktop\dddddd.exe
"C:\Users\Admin\Desktop\dddddd.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:2020
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6036
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\script.vbs"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6100
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\script.vbs"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1400
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\script.js"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5204

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\ConfirmDebug.gif
1⤵
- Modifies Internet Explorer settings
PID:5828

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\update_notes.txt
1⤵
PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
76a6557c2e689d0b661ce4e919ae683b

SHA1
776c11f129f933cccd27a104058a9d978aa939c0

SHA256
9493d7a102c0238b75923627f8ab74ab65ddece7e202610a73fa53b2aa8689c5

SHA512
9626f9c595ad2f2884a51d30a6b0f4ea6d6b84b40195b98693a0e4f36973936fd92efcd93515e9abe167ed6c46b648bf186744e81b8d5ba6ee52c8e6a5651d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
115KB

MD5
41f8055e5e799f256c09ed39dc3d3eae

SHA1
fc8c262c7baf840e50e9e5a7436a711599fbd676

SHA256
57c1752c013dfc623b12f122d28e5473a75419a092e7d5f5c347f1c55f2ce43d

SHA512
05ef7322f8dc6e943d2f97d0f8bf78b05e45e267f1b7d8436935cdb636a48edca3fd3e8c5facc5b11eafb060067ff7e76eaeb0b6a947eed102c4ebe3d10557cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
4.3MB

MD5
ff02ab8371d64f4cb2ae3a81aec4ed0b

SHA1
58690986791322e89180363dcfd3fbee460a18a5

SHA256
e1297a0a28ebdae6dc76b39bb440402be3ae236be9b7948ead8a1e30a149a62f

SHA512
f50a3034f56dec2efa36e6722de73ec73bf23899e6015293cfa5a1774aeabee43c6cc694dbf16269c36aff11c3f338cb4c52cec16bf99f4e80c72c87337f6d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
41KB

MD5
7978a9e6312aeef2fb75a5184b971312

SHA1
312d46ef07ed60cb3c48cd586a5189d4a7cb030d

SHA256
bbb5da7e7ba55a3059a77cdbad6147129d94d7ad45fd15f10ebea2bc4537f649

SHA512
e738bbf00a4218607c1d13aa06792bb3245fa7999a844cfdb251caeefe0c2df0be42b9bc2aa8497927161fcee6593d9e9f9d69cd02ca9b213350223c78ae5e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9931b321561f7fdfbe86b94a7a8f9d39

SHA1
57acb36aa4ee5e492384b84e744a295eea9da19d

SHA256
7ce553c392e8fc41f6d7c8e973a4fd639e6af510a9c1a0641f44643267f98697

SHA512
1884437c0c1bfeba94a74f793c910e4ce228f3f2f6cec7f121419737a75aa509f2fef351f3593298d24a32a5499eb682ce7d0461838195c21716fe1c53d73263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
150653ceb7a5f0b0f41a483a6b69c37a

SHA1
0895cae4f28badd7416ff2bbd9cb2430efc63e52

SHA256
6d2ac50653fecb3653647ddfbee721a8bb7d938719ef77dc59ddff60e5e8f063

SHA512
b628ba439e07f8af11708e21178dbbaafedea2a22b0d65ae51355287b13467d437a76edd39d938407749036167d44925e2bc45183d5ba79e903651aa218bd73b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
f4bf9dff13398c736e9bf4d6e00e7bdc

SHA1
e6f4fb188f199ef5f5e2f32f5f99f70e727efb89

SHA256
fc4f1465d63b60980e95ab8756dcb87c0fed612caabbd63bb9d799f6ed08d942

SHA512
21548dd2b41201ecd990de4d398ac679676532c8d407ccce666a167122e4daf8f1d1d36dc6844149da3b039b854f95ccabafa427ca780d4e3b3fdfd136c52a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
0c092f5b191ba96a7f4789e8f45db634

SHA1
98ed8e4b36c9649578d15b70cd7055e7da7afe63

SHA256
4a15eb2b5c06e06ba0f85e1a236bc462448ff0f6aedaa8ec134fce36c3e1bac9

SHA512
f4f682a1206a30875c03b073dade1d6c9b091f7a88278ea78eb67b7e7fb123a5a07be17d05b23c372b0745aace7973e74a2dd64f1fb533c0c46fc6b12d01bb71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
33KB

MD5
91e1dd837be14c18984026d70bb6d597

SHA1
1788caa60daf0be0fe4a93ba0fb1b025e8388c5f

SHA256
c5c30056689fddc1a5c161f04ce07ab8c8d94e75a20425fe3d9b38ed6e582da6

SHA512
aab2b2eaa62166563c949cb340a418152c559b407fe181384eefca421946be70c3546093a4d26931eae97b5e189186b1bddeee58ce8471791f87977e90949ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
30KB

MD5
010ae02aeced74427ee51fc5bc119734

SHA1
d125be9869a4dc260f98130afc8d6f245ee8ac63

SHA256
2e3b534c0e0a651bd02cea3e54d0927cf3f8775384569047db2f944ee3dba23c

SHA512
7f82fe19ea96c0120fd410e189071055bf8c0a28fde11f677418a2e09c02b52c32de2f87ac58a8657e4840c84dc2cfa4a43623beee6c36e25dd15209bc12338c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
31f8c90106e8e7442731e1a09edc7f20

SHA1
a420660df47b0a8fbe4bc8a11ab9f8182f70c844

SHA256
1f7f1a26de89cc5cc21637fbc5994e0fad88deffbd59410d3a1970a948bee5c2

SHA512
7805c42ffb9f4ea9bfb827e1cbc72a10dd5d1de12f5a45051a5a0a4c46858d9272be84e95bf5ed4301d12adf808e12d0a3347ccd3ef843db394510a2feea1bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ac50645693c85f5531b1ae5fb6e9e5d2

SHA1
5f8062a8eff57fed554af4776f28dde136264a5f

SHA256
41ea650477bfd2ba0377405a34f8b837f429432c73f7e8ead1eb3227a35954a2

SHA512
0b98a9ffbd406af257ff8b1d0ff626f19bb7023a380653f5d3e8a060707c8b59e11be517c4eb217912fcf60df54f3ffe5daa3298a7cff22334d1a6f29404035f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8041ab2fbf1ae41d245dc50f5bb86faf

SHA1
ff36b85ec937741e928396ee6cce23dce86bdbef

SHA256
e4b72f92e22cda723bbc5e229ddc38418db85399aee72b70e600d2ea0a400877

SHA512
6309028020871094f40323225790793b4049df51c30704d0900acfd824c8cf2ad1f84b14221e17f289587b6f70ad4bde02c4b2a7eb8b8b6e499b0f5c22b2deeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
649521c82ac45ddd480564364ea47f31

SHA1
aec54408e6a3acc8774a76c082cf01ffffece2f6

SHA256
9382e0cbe23cf40efc17424aec61ab163bc7649109c063053b9da26b2979fcc2

SHA512
ad57249d04a4ddd4b7b55386aed00ab6e00b4eae6f1be6aae967fe886b2b1ab27f7b95b04ac189b4f18bf70981eb21e322b4943afcb5a1729b9a00f293fa2f3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2768ed85413493a85feaf48d81601e6e

SHA1
b9f64e39f9b02926aabc8b0fc7241c2c8b4bd33a

SHA256
3007f64bb03ffc79c3ca288e7f20208092bafea0782a4fa4cb5fb7ea00d08eda

SHA512
30764532bb2f5cb58afb30656842654459e639b71a76a8532b4fb8c06f12fb40db0625ca23625d21eb3dfb3422f528847d94adeaada9498d7cd63cf633f5c15e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b0d25a38108324898b66c775a1861a67

SHA1
4be41f66046ad4d27d8b2428d7d8427eda0ceee9

SHA256
3fa94bb12a12e5be291f7a6f5973186f872ca8f78e4c3719733c97925d4f5848

SHA512
0cefd060358ff2acf1d2374ecbbdfc53e3681294909f5858a61fa4b08b1ca85374e1d600c482614c21c3e610c7ba1e100d3bd2c2bed194b1a57372097808e3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4a3aa1ab98d8a6dba341d6dc49647c1c

SHA1
e34d98575119ba5dff1d2faf8d116db0c063beb9

SHA256
1fd18b2001f05909f83746834d7c6981f15664c667bbfcfffc19ad58164fbb13

SHA512
beb7a123af2b2cd7cdc19837c1680f1f314ce1e121d1f70d8d9c869d2b7448222a2ca9fc322b394546b8c145305b513ad960579109bd59e7fcce4cc8e542c1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
15cf341bdbc8d385231acbbb48982951

SHA1
a176aecf48531810e5bb3bf4a72a5659399699f6

SHA256
a283a179385b7de19effef56fc06adc0aca01baffe0b361fe488d22c43bd1f65

SHA512
27e46d23315b3e06233c29eb513760304562e05d3c8148d3cbcf790688785144ea08d4e94afce496bbba83995254f2fd12d9efdb06cd686054d0a4e338389a11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
89631dfdd2feed69c79feff7a850974c

SHA1
6a660ab4aaec7cb12790be7c4ed6bee5880a6e27

SHA256
6719b57a4e8ca1ffd0a68ee0fdcd48206df2a83518248f8001ff8d4b2fec9d6f

SHA512
d690bffbb08eb0740c85289411964ce314ccbf4aa3404a1efbe70a2f45b88795d51157035f5b8a99dc038d0573de2e5c8df4673f044755068677a9ba0973e461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ce3a74efd5115658b7f8234026cfd7ea

SHA1
1c9d46cada9f635458e7ed8d9d6f224ad2d7eded

SHA256
d85aed916150c0f6550ed17c90599ec0885465af22b6da4efd8b6de62c7126d5

SHA512
32cb8156c79b4782cd7430b3d29200c604c7279bc31df122538f1d52a88608f85b7df2c679f49590af0c7e9b760b8e207f0421cb3c09ed4edbf9b70baf4f9fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3c3d2c897f7007bfa0ade7f78cded444

SHA1
34022c3feed77e3eadd85aea8e295016e2f14446

SHA256
7ebb8e8a9f634efe0aacf222075bdda0c9227a0a6d360ed9616001963a9803b8

SHA512
7d05dd0a2e3af6ce0438b978b49cf2a65662c6e2af8467ab60346f4e93ef24c782249ef10e9eeb231643757dbdbe1f5f32379e5d4d0bf275b78852523d97fae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
bc4034130f7d269314d8e396478e1074

SHA1
011d8a21c9970d4677e4e7e46f2532523698b82b

SHA256
b723855b20c60e29d9565ced447257a72ec26df7dedfb6d02a131793769525dd

SHA512
8ec07bca75f8991b2f451c08551e566c19c188c629dca3c5a636b28d18031abe720b8a06005672195fee45c90b185e1d86dfc8e937eb3f50090c7fbbce1ff904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
44080aab58f76a45fb03b3bcedd4a950

SHA1
2590f2032c57032efd7cd0e4b04b8e30b13bc9e6

SHA256
5b82f67735102cbcd6476f000a1e4e15d125eb41d76b44dd05bd9132b0010ab4

SHA512
edfcb4947823ca124a7bce3dae26d6316192d33f0efeb76d3c0386061312221415d5b528126abf50392895fad7532d11ac2edade5a324a990224030819699e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c4d574ccd9d6e9a27f2ed9e516f15a10

SHA1
c0d0faa5c5ef516216dfa080019f34c11d4413e8

SHA256
af01f7073860d18645617514b83c160a212b9b760e5730c66e8ea22fcb582d77

SHA512
60282601ce0e3f280bc7dc6e479e07121fbb96e4d8962b38f2c631046282098f7fa923fce3a96a2397cd0d6796474d4c573a1757fa1665f70a5f82099aaecefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
ffad62393998ea7d639c5535027a700f

SHA1
3b474e12eda998deb34e81ef43efaab3c3fb6d31

SHA256
08a4f9c20f173bfb49b673568b0d830b0e95cd38b29147cd62401a56a8226bff

SHA512
48a7a86345616eb6b89f04c814d60f6631dbc6e5a31c27c5478e3e46a81b7deb58a347561d899a700ee6ad031f3e5da412c64aaa3ab86c9b50ea69f555030804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
55d097a38f7c5702c9fbe45a1c29a1b7

SHA1
02a43657ce19335e8d7f2a6cdd3b54abedc9dbab

SHA256
5d1eb05fb40e4c1b4b4108a2c8bfab60eadabd25ea8170b8f12a131e8ecccc24

SHA512
2feef936579da6ded7d4e6ab64da73a5696d96a55722939352277c24c7a29eb218f5ec2044e219c903f95a73bde089817d513af7a5d0de2cc06ae70244d39b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
07196b81fabd0dc2b41aa54fef366399

SHA1
f1b1163afc6039b88eca5c2ed821878b5d96b37a

SHA256
1c0331cbb0742c05ff14dfcf3b5e66b1b6a4cc1688ed32d8cfed071d33c16445

SHA512
c765f545cbe4838c13266b5478288bce29792e09ea86ed8efdb68a4c4951a8287f2dbe011eb357c8d54d3074c13ae9a5fad16fcbe674e1979f50821dc48cdf83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
dc9ebfc849c31827b72653995dccb3cd

SHA1
5ff5e1241bdbab03ce9261fe362eca4379ae80fc

SHA256
2cc8bba5f0ab4442849979f5ff7a06cbe4bb0d6aa5d450f94e48914575978704

SHA512
2818cf00838c1202b9b795fd2372ad71214645c5df9c9cd9c89a6fbd17b7c8683da6d16d5f6f6177f5d0a3350ab9e176a695b928fdfcc7582f2f39df09951445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4d9fa388fe008274958f28dd50f5f40f

SHA1
fa634d0bc42a130d4cf0db4c24699c224148320d

SHA256
3398259f0e0e436c30465157a145d1f93946e0889f763ef22503ef1a3b2f1dc7

SHA512
aeeac578a8a1a6ad966eac575688f9a938c316629926f74f84da8e1f56b3e45f5a4d2c0c5064d08e5e17c734a3bbd2606f4fcc391f9e50d6e9a844819c01df84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
f4ab89291d323fb3e5bff8ed7d326790

SHA1
74aaaf766b4b3299f3b4b9964ab512614bcc599e

SHA256
a79be3bf359804eceb24a5d5bea9ae69b679c4b451eb32a7263a1031fb46d6a8

SHA512
e77c6d31b7bee89f3ef5d630694c232c63c11fd4d76944e5175605431ea3c8fc47cc49df2733ee1247400aa510afa46a79b0a17df071bab8fdb0baf7a6217d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
20f4afce40bc57ed9ecc69d206b5b3bd

SHA1
02e852ef8733052df4cb36f47215ed265c4b36e7

SHA256
3a1ead8b729b196d0728201d9e2a226996b99c08ec34220f28c9c666ee756dbc

SHA512
609a5b198e9ffcd1baccb9c6dad9eace6ba19d0ca81652e03d81e71e5b83664fc3011385c30ab04d4c59a526e047ef750bea33e6e7270bb874dd0a46a939a9f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
be6d045afa64ed1ebb25013f6845a714

SHA1
4417b45a6ecf86b6f1f28cad848d1ba852146593

SHA256
9fc38d877e34f50ede0dbb25f8be727973389a15b4edc19a0c6dd35c9f1423b7

SHA512
9254afbfbaed81c4dad378958419f852b70a968d74aea4e509b98826b9b3c55544dce15d0927fb0f64997a67f9dbfe94b1e42f489605d4afee7f8c4dad2ab6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1609cddac8f00606d759591cb94a4a47

SHA1
e6695fba1322b290d1111065800718a5fadbf25f

SHA256
60b85fce95ca2f1d324857b9d327c3beff43d0f7a0f3244e34617b363034043c

SHA512
a9a6ec415ddfb23a4af4cbfd768a549098334e47cd326754186b4d9632ca535c460849c31fe6c9d3fbe9c36b5f6fc7870bdd25e6994c158fb1c5607b878c512a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
dfba96f8b24f4d07825e02fd282a598c

SHA1
8c902b703028f5a8e7a49cfe7a66ebeffacf2900

SHA256
8872e4d69ee5025c6305da37bafbf9f27ba6de614593ffb3ce011ec860f66f14

SHA512
17d40597f1fe9cb5c96145398823cf31ba3bca845d97119df46b618a45f376f08c90a7a95e44c4e62d94a6d34f2267b2d6e1e8d1edc176f09ca5300f3b42d179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1bc9e23d3086dba01cefbe684c5085cc

SHA1
3143769c6390efe070bd8b55c28cbdbf5e60e560

SHA256
b90a440abdf4f607927fda498cc81c63a8286a1fb9dbe9bdfbfc4b7c8c7828ae

SHA512
bdda41cf213348df168fcf0d78fab295a68b00c4fc852694a302d52adc22adc6c469d2eeb1a933663ec5511b3fdf3cc7467480e906bbe9d0418ba8c0ec53af35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
867af02f9d747276ca8280addc19d22c

SHA1
d5fdcda75cef6124c073573746d752f2e54cd431

SHA256
7763e3d2b825ce50a77797375bce34e3735d3a5c8d08371302c72c7e448afa6d

SHA512
e08b9950a619c039a71fa32120b30bb3506ea56960f12423bc11a8d3622bc94a387f1b745c902f4d526ceda3cd516aa3cc20efda4c189404aea16f455a7f6fdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
956e371646f039e5520cb0c63017faa9

SHA1
7eb1f977026f7406d3a17b99ab11f599085154ee

SHA256
08f1ac94fcad36260305b92e36894090780e402e8631c12f68add35beb1f8cf8

SHA512
7f8892d4b3c4a0e21f02b4fede4b55234bcdfc25e58486368886752586808353b632913661ead886448cf90435b17550e47a1457c7cf8d07ea3a3374eb9d939e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
151b48671f016b48da3c4f0a32669aad

SHA1
36399b3212b44419d05f88a01e616cee58ac275a

SHA256
e6198ca5f4d3324b9ed58123d167646ae0321aa03f985e200eff96040e1432f9

SHA512
01280daaf9b35282e99aeafb6b0a43aac75fddd732c100d921e1b0bef5679e127fc99397cea1aec93419cbfbd54ac07626dcc298ee04e5cff351cc3a7cc77b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2002226bb4d9897fcb017d57f2579ded

SHA1
321319ad3bf28dfee4a606cd22638b3dffbfd243

SHA256
c73377fe1df29532194f7c7c3b2bb0913e2ffb96873d5813d2a993ac809e95cf

SHA512
21e9576550dddf5bff85a5d815da32c816e405d1ad7f1b7dc80b4839c575116c22d0e62a5f9fbfdc015ba5c0ba496f14e6951b1744f782e23251b586eee29391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9bcb491a07f9b4dd8230dacb601a112

SHA1
49271f7d26a301dc95a7c8b62161e1461e2f5f1d

SHA256
618250227230a2bcffcd8693d8e1260565709c791a5e1d708f6abc289a186eb6

SHA512
8bd56e7f29ed8c7d54e36a7952c105bfd00fdd5c4b23e77c08b30ec6e36c330ebd914bc702b137857f3a105af4a84ecf028868a76c30a95350fc11faa6ecc092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
256ba9fc51d39ef839bedaa3e352dbcf

SHA1
ee3646e1c562ef782978814aca76d8b98f1a2a0c

SHA256
6a3fdd233aeed673769f8398c62561d08d7122cc3e36b4ac3aeb19204a9ecd60

SHA512
1438216540f6fb001e1d57a7b078a007bd084b7a5aa6a60c1c8796d88daa3b8c779d9f8800ac933dbac942a7ebd901a518f72aa9e43936ea790cddba9f95ccae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e543bbef59811d1f30a581718ebb3161

SHA1
0de81e9a14a65a20e353dd58df9f276133595949

SHA256
ac775ab78812f664ecd435c9768df56a86b24259a1a0376473632161fe0da489

SHA512
1269de786719176cf71ec59e79b32c2755e86f9b0d93cef3a78b60b13667fcb1d930459f291eec04704eb95a66a9d7674235c7ccaf87000c229ec233b767fe41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bd7c6e5354dc7298a402748645034b59

SHA1
4d3d5deb11924d7eb4a0e5330a76749ff1423d13

SHA256
05d5ce3ce9ca0f873b1514e0d4eb0d07eda7b216117de5ad7169cda0cdb3c7a8

SHA512
2d066a9524b9cafd408285b272711684b56f64d82df0823e1648cb1c195256bb90c3bd3cd1d00d578a647dbf42e773c6d946cfb69035c197bd4629fc6dfaaf2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7e5b1b8225bda260d231fe267be782bd

SHA1
c696bc2d87cc3a5463be2abb1e089221ecc7b39b

SHA256
180d7788e5f4c3ce0efaa66f1ac34a6ad6269d9d26542e9ef8685e6dd621eb1f

SHA512
826273369a80fe9dbab304371f3100a2bea6014ce380c809a8d24a4ce1beeb306a5e062c69242862c975f88ead16a40dff2869f7f77115c5ced998e13962a854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2e5b71687d187b3778cfc3855f2d40b6

SHA1
8f3301a567338226f94e8d701b8ee7f3e29e1807

SHA256
8cd2725e8629072c74bfb7db0d481809e7bda41dc8473fcd46e8d7687d53eadc

SHA512
dbd53cf988ac56801ddca190db957dd41530eb21acbce82669495b8e0614059dca462d3263f4c0ec68922520be2bbe5842aa1c88cc081b569a9d88c940ab59d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a3bfdf899023375601f8dba2ecffd6f

SHA1
132256610ec552606cfb0407ba68ba5bcd58d314

SHA256
d3e4066384baf9a0668e12437cf28dbbbd48ee6357a20316b45d8c1e2bc295d8

SHA512
db3cde44dbfc29b2f47731074f4c63c70ff755678a91957f68fef59ffda93b39df5ad75f3e104e84f4635281b219f15454b2f5b805ba1d8b21b14b1aec99ddd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0556dc6d829d9087641a4059e59dadae

SHA1
2c6d89986a518e31a4cc617a75980a9375c0cf36

SHA256
70708fda0fe8d1c6bd04d37d5366ecfb3f33d2ad89a466ac72a0adefb1695261

SHA512
2e3485fb7e623c073d5db4cdabe2966e6ebb11008f0f04d708171412d32e50caf0783a447a06643ff6bb82b37af61b6565c63b52fa28fab967f6012a73fd01cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d28c97712ecf9840c0a8d85aaedc1978

SHA1
8ca64920d26cf5a9629449749dae6b5f83768a7a

SHA256
1c911d4a01d976143a0cf8fba231d295d750f062f7c5982599ac8ce799cb63f2

SHA512
b52626068c029d2c3f3442e533c92b36002ed049d1c8ca357294f144e8a76dd5dfddadb65c309b6ca0c9c796f5495325f575fe9ed89a1f472cfed1057d9964b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
431f5d2c80d4f79329d39a4a2e192dfa

SHA1
b8b37524da550e189ffd9c999ebf6c1dea7003a2

SHA256
e6c53e4d6dcdcbefa178481547b825f2e2bd54e0ab3be9da964d683d9d533abc

SHA512
b5a00cb9150ee59da45e805e8d7c08de662e47275ab343c71c3dcdce55293d0416e696226edf9ac689d06e0a66ce9d9a873b2345568f53c9e4d4ad5a8b83c408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8bfa26c9d2f160ee1679ab59f23cc7fb

SHA1
bd925dcdb9ac2985b841fd0517ea1c2810b67de5

SHA256
5f98e875af942e364785704a31c9d2a07ed1b9954d94a2f4c70bf5f6c6aa1e0d

SHA512
592c6d5ffd91f957daa4814d63f8b07f2b3ba6cf51612657273e7a6a8370db33ce83f9a7e808db0b18cced658fe643815516c19c0a4d47d8702d0d5254e9724f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13dd97233254931c1e2457f40fa6d64b

SHA1
1309f0cb5b43850e3cfdcfb8e895e36f212a4cd8

SHA256
400fcfdb867c5f9fe3b5545e90acd1638990ee308719cae80ffbf2e27bb56044

SHA512
ae8b16d2178518c0892d754b3795ba4edbebc248ac0cd2ee218dfa882ba056e8d3cd25ac85104052bcf415ec95a8b95b652545f7417c6917721eab4022dfca15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16f4f9054c2c2dc46c6d4901ad87d0ff

SHA1
313524fa6efc794d90c493993bf22966bad6d749

SHA256
800d1add7ccd54fc55b8ad228c94a77969908e3e69bd1e01169002977a619964

SHA512
a7fc889a6bee0830fe93d24d17aa6cdfe8d44a943f3a8b1ba5e462799c70eb0c6aec25c38896e65f3e217cc54537b58ff30647e99d80ae7d7f3e0711db66fc5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b977c2a0c4b5462f06a23295c7eafc69

SHA1
4b25a32bfa78d41dc0a98e802185c7ac5f0ba325

SHA256
9a3e32fb7921f5d92e8b8bcabb21daedeb9f63deae3a866d4a4cbe0d2a69f6e0

SHA512
c8b74a7d2c0c9517d34b58d19d5b9afc185a1c1e535a75c46dd29a10ebe71fc136c621a22cf0a901b92768e1df30fa33464570de0d1672a1906001c313750454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
302bde2ce922f7353d6efed5b2078afc

SHA1
1b01eaada4da3df9adc5b351bfdb131c858e3803

SHA256
969bbc39a0594c205baed196f82209135f2f971ca2cdf1c5ed82ae19f037c782

SHA512
d68b1925a3c48a9204e09df3559dba756242852a6dec79ccb6253706d56ba18a48e5b3465afcb1f23f6ae8ab220e669c5e08478e70a8f1f38f2e69447bbadff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3b8d662dcfb54f21d342a3958862ba8d

SHA1
9c6d47ab216bd54cf3d10f1c4ee6d5bf72c848ca

SHA256
9f777687069bda5b39829337c698fe0021c2da290c32baa238a9b628a8d84c04

SHA512
4ffa61767b4c6423f35377e329baae902fdae8206b7c8c58c18af7b9bfc4d607cecfe0d29570fac8f8f559842f34d268c113bf2205091986ada3949881f78bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ddbd7be879fef562eeec4cb5b8dbdb3b

SHA1
860a6f1971d659998333f4d65faace39703dce6c

SHA256
e795ea05f103a2f168290202040f0bbba7d101148e17cffa676ffae197f7d68a

SHA512
e55d7f43a5570f37bcf67562241334560b214fda1625e4e380b7af537834063270d16d8b694c67436ee83e117d2fe20ca6e390b7e6b48610fff3818e38e3c366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
73e92f3d96a2cefc27338895972afb03

SHA1
13ced74b02e3f464c6e8abcb9319133e4069f385

SHA256
c7e9653a53cce630b58d7ab3b035e38f57c3a574e78eb1ca84cba93d13aa0a09

SHA512
1a08627a4c92bc251c4fc0710f9295756bf3ddbac2fc01df5c174dc48d2d8ca6987c88123ac59ff5b6a1eb07e2bd0e68fc050f691a3a238150783cbd409a4912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d04b1964b5b4a768850b3ded11efd6a

SHA1
981c3aec2a70010a73bb27e2b0c0a8e26dda7fd9

SHA256
1ea504ed90b0a79a82e7ad96610e97d3232574447c88777ab24249fe95d7a2ab

SHA512
8fe2c91aba1e7196e0006c6039cc2ad74abbd16035a188779b814c88b3179ecbe79ac6cc86c9fc584c46118cb266f075c88ba9f613919de1488c6f5916c1a047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34fd3836d37b277ef1a65a3fa45478b9

SHA1
7a7c31fa6dadd7c303687f5a64f5f8c8ed29f51e

SHA256
e01132d00e757fd64c0789b3c66e18af8a46fd906ca65ec239af9f87aacbac48

SHA512
2219937f829c397ca644169b95b637290a6f0b8b43111d903b09277f2986ce8ceffaf9863c523930198839f9b4d9b175524969c2e7e1fdcc5a916a9054a1eec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7094a93998a5c27612f5e4f1385be4de

SHA1
44c03ab190bc8aa792286eb9fa300341bf3cb611

SHA256
238b57edb286bc91e1ca8d6855168f92f52a136ea637af5296d42d44e537bbb5

SHA512
18f912a95574af06a27eb37cb239eea4078137e1ae9a3d8a7fa9ce6bef7891c4d33c5fe7212cfbe6706cdc1df6495f3d2f29951c18716501573d2730d33587e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3225d8030c2c0e65c0b3160c41d00b89

SHA1
67ddb336fa8ce9b80bda090ab17a3cf8fcc844b4

SHA256
4ff645525dc04c624fa7b568b449374801e8ac35bbaedb7d2300a2489cb51a36

SHA512
e920225ddd7998ee37e0cd72fafdae150381a3fae546de3b8c81b2cc1bde4ec14a62ba318536f6a6798a0d9b8142ed6c387939687f7f5c5f84e6479b9b99d2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e53f8720d531b582613e219ccee7f7b3

SHA1
d4f3f7008669d86d7567b6ef0882f6728001b599

SHA256
f99591879777356689167115bdb98e0305b90e3d10a3ff01c2fed06af79443fd

SHA512
44b4c80a6b3adcfbc3fb9b28f54f367feb9900dad56777b86252ccf199f8c1f9d3bcba2faaac3fe206b686cbcb56fa18563f00ef27faa10290d7b8d065b47790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d6c446dc0df41ca938d9d64452a265d4

SHA1
16abd3cf695a5a9cfd13745f7911c4cbc59a6f6b

SHA256
4a0e0ed3de0dc059c476e4205bb8533e25c30efecc756ca4b2f60f3bbd802207

SHA512
31d94ce2fce65be6f2eb686bc39cdf3413b7ff159dfa48615acf18baa2f266d8a21af446d41ea598726bbc0a9111eba0fd27918912b884ca38095dda23520206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f8196ac0dbf27160efe47a9d134eed14

SHA1
824b33bb9ea8abe6a95b4256df8f9f2ceb0eb3de

SHA256
bce622f5d6e4b806bef832d1ab0f7d83c2439f10b1594c1defc42912bdc6015d

SHA512
2340a1e513576f5a9a2789138658b40862506761b8c9f895cdb911ce3df862ed3c018183c7911e95e4d59ae96a3512f4122d1d98361f85e06976d3e4edd798de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
067424d185077a867cfe375c330e6a4f

SHA1
cf0c586632090a79141a2b2467ae171165aec8f1

SHA256
6e205c8c700a9e98aee8e39eae2db7f37054fd4b04d8543bd92e507c1a3aedce

SHA512
b3a091a09ac98575adc97c7528ca535df46795b7bab47db4940eead40b24254d6801be7f3740ee013fc726dec3025d864cd2dbbfa83bc0a78e7445fe8eb98695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
9f0c6d52c72d36678f0289bf21550240

SHA1
31ce3faeb4913d698a410ae0ce5284b0f889de9f

SHA256
5a6c63524542119346c3228f8f2e9f5476c5ebe6210aec9096e00b986982159e

SHA512
390b5832b50fafcecf08cb4e01e85914d0f9bc2847fb8cf1d2d2a12b5af1861597e1be50b7ca9333e2655644f929cd1da84d4ade7a657ebe3620425e9d8e889e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
bf59a045b5b74082d2be8263fce3ce8e

SHA1
cb1381014d1cdd74bbb53b20a846185fea96ac69

SHA256
109e4dea47cae8589e18100f64b0f58c596aaef4cc3ccf9a37f9e32fb0d9fea8

SHA512
58d64eb0a80a2bbc4d00c4d7dd732279d4caeb551984b813f0fc4b80d2f7e6323dc4c30fb92365ad7ce76ccc822097a3824a73c0e727135a55d54c3bff422052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
cbb3f6c20818a8cced7a6156992dfd5b

SHA1
b83251fd10e3ab634f4ef5efdbdbba069a7fd7be

SHA256
501f94b5e4e06c559bf85bb1c8581c9ef454f8d1e670df8ba88710872b72648f

SHA512
af974d22ab6e07602d5b78d55417c75faf584a639e6382f9c1855c3996aed840bcde8265bf105441c0543a31c5d1cacb4bb7bab095e402939671f80a2442827a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
04028a06729aecfd041aecdc03caeceb

SHA1
c008beeb65dd6495e07cbba687ca0c12d5f12aea

SHA256
ae7d6977d0bcf6cc9700e3fee70d3b113b4726275b204d949ec48107af3876a3

SHA512
79b0f75e93ca45637e6b289239af0e093f201c646edefcbcf3d3d615daf49d8c4ff308e1b2b0c3bc72a7e1ba136077a50388737e22026a0b1a1643d8f2d4b96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
8ff8eafcb8dcc66f9c75441f87053f65

SHA1
834b2d8bf0bcfee2b03fdbe798cad0429fda0757

SHA256
a64e179699c28a1e6b6a9057ba1ac3b28562d0b60019b09eba6f29e2acb49d13

SHA512
fccfbf7cc9c5b9c902439a08786a33d9b22805ca9e980a0d71b77cee01f5c8ad314ccf476156f533aa18f6937a9f48d119c255f04b481a38bf812aa3e7672e3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\script.vbs

Filesize
28B

MD5
b3c71829c35fd9c93b5f0297f89fca1c

SHA1
bce664830599be4efba338d2f022bd05ba99f59f

SHA256
9a2d3f121c1514a0dc256384e0e7426c2c6eb1533004bbde548a24b9cdf3de5b

SHA512
ae903602d33631ec434a42e1a87fd7028ffb74a7a6716ca40f85e8600953407fa0f3e868e9f2bef43554bfbc83c79097c2966634a0d1b1949a4c217d82550a02

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
ebae72333f2474a973e856ece6642ca2

SHA1
5425d5647e0c1279a39a1f6c423e53916ff9e85c

SHA256
20fc65acc4d03618b5549fad0f946cde3965bd06cf85326f70a5b4b65f914b80

SHA512
38751830b9b84a9c2da2befd752e1466b246b1c285a935f85bc9ffa06aeb0c568a7f3bfbe5cd70b0e5fa53c8c97870354e5501ba4ab3d5c723bc6795f9730beb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
931c9c2cb3e290d9cd062bbe0f4f5b98

SHA1
a0450d5963b767dedcd138894b1aa254158727d3

SHA256
264cbb0c8494152d84afff57fd1f81ce5450b0c9f58662930be6453e1702fa7d

SHA512
2becf625d2d3e1443057d8adc90ba6aef6c5e8dbc61a8d86203c8c34bd0ea3591947352454122fb855b101c1555a5b30ba8ffbdfd12db8a1ea99e31c6978f7a1

Download Submit
C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\BuilderProfiles\DefaultProfile.ini

Filesize
398B

MD5
82aa2e143c3e66e7b1047ab44e18eef6

SHA1
5e113c54503e292512cabbea359fa280539b3ec9

SHA256
83086e2931f3d26339cfe49b4a4daef80ec4a075f1249f5a8deca64cdbaa61cd

SHA512
8673124c801f235b76814bde595eb5d5dc71636e37d60be21155b5c57231bec0b920a22d04ac571eaf0da110e339ba93d07ecbe9d374ddcaf9d13a080518cf7e

Download Submit
C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\BuilderProfiles\DefaultProfile.ini

Filesize
399B

MD5
99a3b003a312b14d1413d7aa3d38db90

SHA1
485886a46c793c624ff7fbc2e345b06fed1fc0ce

SHA256
f0254d013fd701dc73acbd178d14c7cbbb83677bc50fafdadf579c8ad7c15817

SHA512
d572dd865d2437e90e8cb25d1ef5a470bb01ce17630db69aaa29b455bb00eb7bfed1e3ced83fd26027836ae49364879fee524b2448cef2726d8ce1b7e02c0b24

Download Submit
C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\Remcos_Settings.ini

Filesize
29B

MD5
5ef6edd2053ba7dae1c9b137deddff92

SHA1
3f8a68838109ca0fa42e451aded13c1dcb5496e3

SHA256
4ef0b5f5085ee7b911b8f64a66c40c45cc3049b74e1e8154acc8338337ab717f

SHA512
f1a3a705e9d49ad6f1f4408a2cd2f7b1803c15ea0c2d7d1326e52e27689add38a5a718f87015697cfd4af043a64718f369e9a1e9276940c0304efcee3098572e

Download Submit
C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\Remcos_Settings.ini

Filesize
98B

MD5
f56daa79149ce23d7e62fe57f097c80f

SHA1
c9fbf2a1f5678142e71ac80470e79601b883aea1

SHA256
5f18d8c9331d160c7c8b645b44e2bc8177a2a8baab4b3e558563ad633cd4ba11

SHA512
41394432c108a60e5984df9d2b4a7924c1269bc2e03e6dba864b4bb0795f84254b0a50e987ea4b8535337a6179acec6c7ece922bce7b8f51ef489f61ead1630e

Download Submit
C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\Remcos_Settings.ini

Filesize
139B

MD5
c66dd9111a507f5987c221db144217db

SHA1
3eb2140a8739b0ad8ccd6b58d13a155ad048b11f

SHA256
df240002125314704b83312156332941c7ce4249e83a23df736e99816e5ebb7b

SHA512
2c81914c0909fce05bff3f974aceae83d63c9c83affc2ffa865e3f48af0cd4e563e1d85ac561f1e8031ea77cf6e8812b8fe3ecd4b43ece1cff0b83c9806b2413

Download Submit
C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\TLS\remcos_client.key

Filesize
633B

MD5
455202a8f0a78e84919556a4f31f8eca

SHA1
2c0578b13ee09cfc203f246cbdcf28429486532b

SHA256
8548191e26d4adc20b3a9dd09eef3e44a2acf0060f373f35b789a6a6c4635dd7

SHA512
ae848d22991816b0616757b26cc90f889612cf20accb559234c08fe1d8a95a87bbe110d55ee6337433d8afc56b01d247e4a554b76d2c47ce1db1306b852d1899

Download Submit
C:\Users\Admin\Desktop\Remcos-v6.0.0-Light\TLS\remcos_server.key

Filesize
633B

MD5
c18055f9cd574d28d2d08d64a9c9c750

SHA1
f6979dbd9d3a65b5cafb4393fd363ba2704b6354

SHA256
e03a2afb34fc54d65443c56b1056209ceeab089a513daf3717ad364ee7c84c9e

SHA512
0ed56bb2fa235e8008422a7a72a309c69cd1d0748a83a4aa39446d45738a017e099c4fce449ee642b8ef61863fdac5a8b4fe63b6ff38e481808eec7b9a38c35a

Download Submit
C:\Users\Admin\Desktop\dddddd.exe

Filesize
428KB

MD5
86436e6d9298a69cc01111b200344afc

SHA1
dd89357d417a6d6dcd45067cb6fac7e625a62cfb

SHA256
b7a056a7e7cd16079355ac297555448038e730eee316ead99f8d7a6e5bfcd076

SHA512
747d21596856d3388d075b784bd53e8625210e7c4d723ba99759ecfbcf710a23de3038d7b00f4845583b0c1c3f9e7dbfdc711d809ee697680a92c21fbafe7765

Download Submit
C:\Users\Admin\Downloads\Remcos-v6.0.0-Light.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2020-1383-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/2020-1382-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/2020-1380-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/5992-655-0x0000000006DD0000-0x0000000006DD1000-memory.dmp

Filesize
4KB

Download
memory/5992-648-0x0000000006740000-0x0000000006741000-memory.dmp

Filesize
4KB

Download
memory/5992-649-0x00000000068C0000-0x00000000068C1000-memory.dmp

Filesize
4KB

Download
memory/5992-650-0x00000000068D0000-0x00000000068D1000-memory.dmp

Filesize
4KB

Download
memory/5992-651-0x0000000006900000-0x0000000006901000-memory.dmp

Filesize
4KB

Download
memory/5992-652-0x0000000006910000-0x0000000006911000-memory.dmp

Filesize
4KB

Download
memory/5992-653-0x0000000006920000-0x0000000006921000-memory.dmp

Filesize
4KB

Download
memory/5992-654-0x0000000006930000-0x0000000006931000-memory.dmp

Filesize
4KB

Download
memory/5992-656-0x0000000000400000-0x0000000006630000-memory.dmp

Filesize
98.2MB

Download