Skip to content


Credentials are generated on install on the victim machine and are not tied to an account [1]

Application logs

Log folder: %ProgramData%\SupremoRemoteDesktop\Log\

Timestamp format: YYYY-MM-DD HH:MM:SS:SSS

Log file Notes
SupremoService.00.Service.log Software install
Supremo.00.Client.log "Connected with ID"
Supremo.00.Incoming.log Hostname of the attacker
Supremo.00.ReportsQueue.log Start and end of the session
Supremo.00.FileTransfer.log Received file or Sent file

Network connections to "" on 443/5938

Useful grep

Connected with ID|[Incoming]|Supremo Closed|[File Transfer]