Analysis

  • max time kernel
    238s
  • max time network
    234s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64 arch:x86 image:win10-20230915-en locale:en-us os:windows10-1703-x64 system
  • submitted
    06-10-2023 13:05

General

  • Target

    https://drive.google.com/file/d/1gy8JKfSAaX6fXlaO6QWTFVTfxa2iWG44/view?usp=drive_web

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

jauan2023.kozow.com:2107

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

  • Async RAT payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1gy8JKfSAaX6fXlaO6QWTFVTfxa2iWG44/view?usp=drive_web
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc88c99758,0x7ffc88c99768,0x7ffc88c99778
      2⤵
      PID:2864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:8
      2⤵
      PID:5064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:2
      2⤵
      PID:4252
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:8
      2⤵
      PID:4152
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:1
      2⤵
      PID:4892
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:1
      2⤵
      PID:4880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:1
      2⤵
      PID:3004
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:8
      2⤵
      PID:2860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:8
      2⤵
      PID:4024
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:8
      2⤵
      PID:2764
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:8
      2⤵
      PID:3988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 --field-trial-handle=1816,i,18167681582157875675,16725593148968579732,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2116
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:5072
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:8
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\" -ad -an -ai#7zMap6254:114:7zEvent9279
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2976
  • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\5 NOTIFICACION DEMANDA..exe
    "C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\5 NOTIFICACION DEMANDA..exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3688
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:1468
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:4228

Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              264B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                              Filesize

                              3KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                              Filesize

                              3KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                              Filesize

                              3KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              874B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              874B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              5KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              6KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              6KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                              Filesize

                              101KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                              Filesize

                              101KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                              Filesize

                              100KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5839c8.TMP

                              Filesize

                              93KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                              Filesize

                              2B

                            • C:\Users\Admin\AppData\Local\Temp\645ed896

                              Filesize

                              638KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1).REV

                              Filesize

                              2.4MB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\5 NOTIFICACION DEMANDA..exe

                              Filesize

                              658KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\MSVCP140.dll

                              Filesize

                              613KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\VCRUNTIME140.dll

                              Filesize

                              83KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-core-file-l1-2-0.dll

                              Filesize

                              18KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-core-file-l2-1-0.dll

                              Filesize

                              18KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-core-localization-l1-2-0.dll

                              Filesize

                              20KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-core-processthreads-l1-1-1.dll

                              Filesize

                              18KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-core-synch-l1-2-0.dll

                              Filesize

                              18KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-core-timezone-l1-1-0.dll

                              Filesize

                              18KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-conio-l1-1-0.dll

                              Filesize

                              19KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-convert-l1-1-0.dll

                              Filesize

                              22KB

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-environment-l1-1-0.dll

                              Filesize

                              18KB

                              MD5

                              c712515d052a385991d30b9c6afc767f

                              SHA1

                              9a4818897251cacb7fe1c6fe1be3e854985186ad

                              SHA256

                              f7c6c7ea22edd2f8bd07aa5b33cbce862ef1dcdc2226eb130e0018e02ff91dc1

                              SHA512

                              b7d1e22a169c3869aa7c7c749925a031e8bdd94c2531c6ffe9dae3b3cd9a2ee1409ca26824c4e720be859de3d4b2af637dd60308c023b4774d47afe13284dcd2

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-filesystem-l1-1-0.dll

                              Filesize

                              20KB

                              MD5

                              f0d507de92851a8c0404ac78c383c5cd

                              SHA1

                              78fa03c89ea12ff93fa499c38673039cc2d55d40

                              SHA256

                              610332203d29ab218359e291401bf091bb1db1a6d7ed98ab9a7a9942384b8e27

                              SHA512

                              a65c9129ee07864f568c651800f6366bca5313ba400814792b5cc9aa769c057f357b5055988c414e88a6cd87186b6746724a43848f96a389a13e347ef5064551

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-heap-l1-1-0.dll

                              Filesize

                              19KB

                              MD5

                              f9e20dd3b07766307fccf463ab26e3ca

                              SHA1

                              60b4cf246c5f414fc1cd12f506c41a1043d473ee

                              SHA256

                              af47aebe065af2f045a19f20ec7e54a6e73c0c3e9a5108a63095a7232b75381a

                              SHA512

                              13c43eee9c93c9f252087cb397ff2d6b087b1dc92a47ba5493297f080e91b7c39ee5665d6bdc1a80e7320e2b085541fc798a3469b1f249b05dee26bbbb6ab706

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-locale-l1-1-0.dll

                              Filesize

                              18KB

                              MD5

                              ab206f2943977256ca3a59e5961e3a4f

                              SHA1

                              9c1df49a8dbdc8496ac6057f886f5c17b2c39e3e

                              SHA256

                              b3b6ee98aca14cf5bc9f3bc7897bc23934bf85fc4bc25b7506fe4cd9a767047a

                              SHA512

                              baccc304b091a087b2300c10f6d18be414abb4c1575274c327104aabb5fdf975ba26a86e423fda6befb5d7564effac0c138eb1bad2d2e226131e4963c7aac5bd

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-math-l1-1-0.dll

                              Filesize

                              27KB

                              MD5

                              4dd7a61590d07500704e7e775255cb00

                              SHA1

                              8b35ec4676bd96c2c4508dc5f98ca471b22deed7

                              SHA256

                              a25d0654deb0cea1aef189ba2174d0f13bdf52f098d3a9ec36d15e4bfb30c499

                              SHA512

                              1086801260624cf395bf971c9fd671abddcd441ccc6a6eac55f277ccfbab752c82cb1709c8140de7b4b977397a31da6c9c8b693ae92264eb23960c8b1e0993bd

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-multibyte-l1-1-0.dll

                              Filesize

                              26KB

                              MD5

                              4e033cfee32edf6be7847e80a5114894

                              SHA1

                              91eef52c557aefd0fde27e8df4e3c3b7f99862f2

                              SHA256

                              dff24441df89a02dde1cd984e4d3820845bafdff105458ed10d510126117115b

                              SHA512

                              e1f3d98959d68ef3d7e86ac4cb3dbdf92a34fcfd1bf0e0db45db66c65af0162ab02926dc5d98c6fc4a759a6010026ee26a9021c67c0190da941a04b783055318

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-private-l1-1-0.dll

                              Filesize

                              69KB

                              MD5

                              50740f0bc326f0637c4166698298d218

                              SHA1

                              0c33cfe40edd278a692c2e73e941184fd24286d9

                              SHA256

                              adbb658dd1cbecaca7cc1322b51976f30b36ccf0a751f3bad1f29d350b192c9c

                              SHA512

                              f1331ab1d52fb681f51546168e9736e2f6163e0706955e85ac9e4544d575d50e6eacd90ea3e49cb8b69da34fe0b621b04661f0b6f09f7ce8ceca50308c263d03

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-process-l1-1-0.dll

                              Filesize

                              19KB

                              MD5

                              595d79870970565be93db076afbe73b5

                              SHA1

                              ec96f7beeaec14d3b6c437b97b4a18a365534b9b

                              SHA256

                              fc50a37acc35345c99344042d7212a4ae88aa52a894cda3dcb9f6db46d852558

                              SHA512

                              152849840a584737858fc5e15f0d7802786e823a13ec5a9fc30ee032c7681deaf11c93a8cffead82dc5f73f0cd6f517f1e83b56d61d0e770cbb20e1cfff22840

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-runtime-l1-1-0.dll

                              Filesize

                              22KB

                              MD5

                              8b9b0d1c8b0e9d4b576d42c66980977a

                              SHA1

                              a19acefa3f95d1b565650fdbc40ef98c793358e9

                              SHA256

                              371a44ab91614a8c26d159beb872a7b43f569cb5fac8ada99ace98f264a3b503

                              SHA512

                              4b1c5730a17118b7065fada3b36944fe4e0260f77676b84453ee5042f6f952a51fd99debca835066a6d5a61ba1c5e17247551340dd02d777a44bc1cae84e6b5f

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-stdio-l1-1-0.dll

                              Filesize

                              24KB

                              MD5

                              76e0a89c91a28cf7657779d998e679e5

                              SHA1

                              982b5da1c1f5b9d74af6243885bcba605d54df8c

                              SHA256

                              0189cbd84dea035763a7e52225e0f1a7dcec402734885413add324bffe688577

                              SHA512

                              d75d8798ea3c23b3998e8c3f19d0243a0c3a3262cffd8bcee0f0f0b75f0e990c9ce6644150d458e5702a8aa51b202734f7a9161e795f8121f061139ad2ea454f

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-string-l1-1-0.dll

                              Filesize

                              24KB

                              MD5

                              96da689947c6e215a009b9c1eca5aec2

                              SHA1

                              7f389e6f2d6e5beb2a3baf622a0c0ea24bc4de60

                              SHA256

                              885309eb86dccd8e234ba05e13fe0bf59ab3db388ebfbf6b4fd6162d8e287e82

                              SHA512

                              8e86fa66a939ff3274c2147463899df575030a575c8f01573c554b760a53b339127d0d967c8cf1d315428e16e470fa1cc9c2150bb40e9b980d4ebf32e226ee89

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-time-l1-1-0.dll

                              Filesize

                              20KB

                              MD5

                              6b33b34888ccecca636971fbea5e3de0

                              SHA1

                              ee815a158baacb357d9e074c0755b6f6c286b625

                              SHA256

                              00ac02d39b7b16406850e02ca4a6101f45d6f7b4397cc9e069f2ce800b8500b9

                              SHA512

                              f52a2141f34f93b45b90eb3bbcdb64871741f2bd5fed22eaaf35e90661e8a59eba7878524e30646206fc73920a188c070a38da9245e888c52d25e36980b35165

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\api-ms-win-crt-utility-l1-1-0.dll

                              Filesize

                              18KB

                              MD5

                              54f27114eb0fda1588362bb6b5567979

                              SHA1

                              eaa07829d012206ac55fb1af5cc6a35f341d22be

                              SHA256

                              984306a3547be2f48483d68d0466b21dda9db4be304bedc9ffdb953c26cac5a1

                              SHA512

                              18d2bdce558655f2088918241efdf9297dfe4a14a5d8d9c5be539334ae26a933b35543c9071cedada5a1bb7c2b20238e9d012e64eb5bbf24d0f6b0b726c0329d

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\mozglue.dll

                              Filesize

                              685KB

                              MD5

                              f3568835711b29526cff9d2b5772d393

                              SHA1

                              9ab6169f4efaff82c86591146e9860cdb6816254

                              SHA256

                              b30f6a17599c0388912489b0f765225b5702e48cd119a9c93a4b51a2b40c2f1b

                              SHA512

                              2b527df17e70802e1abb9b0e994fc9354c0cd3e5b5006df4959b392b705c051af970c44069d87806fe688cee8fabcd0cc4ebfba444ec5212f5e4db157fea5d2f

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\nss3.dll

                              Filesize

                              2.2MB

                              MD5

                              dd87bcbb754462741a0b6b8e07c005ce

                              SHA1

                              3e7bb8c6710ea8df75bfdf503df72f17d24415a1

                              SHA256

                              4ab142e01ce596acd43d114bdfb11700b87ecee8c01ca892ac0547c95ca7d49c

                              SHA512

                              fbbb82732dc4df0f5e4e6cc88d64323f10b23e8f173db59f68c12e88ecb0d4d450b671eb9872b9762d24d15bbc03a9d23ab8cf5dbf1b7bc384655deae73ab348

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\sarape.txt

                              Filesize

                              468KB

                              MD5

                              26772ff399dab9ec9e07993a532715a7

                              SHA1

                              9b986bfc9c7d13a0ed26f05caa369ca0d80d542e

                              SHA256

                              9c4595789eaf76c8a06170a162decb3e7e9c484e264d211f717f43322dcbab85

                              SHA512

                              0675ff91428534cf3fc5fd2a4c500294b8d0df7a1a03c9cd92c5c1aca10ca9f41d41c91fe034628378ddc2eb892d41af9d7f0de5b96ffaaf6cd661dec1d562f0

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\ucrtbase.dll

                              Filesize

                              992KB

                              MD5

                              0e0bac3d1dcc1833eae4e3e4cf83c4ef

                              SHA1

                              4189f4459c54e69c6d3155a82524bda7549a75a6

                              SHA256

                              8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

                              SHA512

                              a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

                            • C:\Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\vcruntime140_1.dll

                              Filesize

                              36KB

                              MD5

                              135359d350f72ad4bf716b764d39e749

                              SHA1

                              2e59d9bbcce356f0fece56c9c4917a5cacec63d7

                              SHA256

                              34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

                              SHA512

                              cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

                            • \Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\mozglue.dll

                              Filesize

                              685KB

                              MD5

                              f3568835711b29526cff9d2b5772d393

                              SHA1

                              9ab6169f4efaff82c86591146e9860cdb6816254

                              SHA256

                              b30f6a17599c0388912489b0f765225b5702e48cd119a9c93a4b51a2b40c2f1b

                              SHA512

                              2b527df17e70802e1abb9b0e994fc9354c0cd3e5b5006df4959b392b705c051af970c44069d87806fe688cee8fabcd0cc4ebfba444ec5212f5e4db157fea5d2f

                            • \Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\msvcp140.dll

                              Filesize

                              613KB

                              MD5

                              c1b066f9e3e2f3a6785161a8c7e0346a

                              SHA1

                              8b3b943e79c40bc81fdac1e038a276d034bbe812

                              SHA256

                              99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

                              SHA512

                              36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

                            • \Users\Admin\Downloads\5 NOTIFICACION DEMANDA (1)\5 NOTIFICACION DEMANDA\vcruntime140.dll

                              Filesize

                              83KB

                              MD5

                              1453290db80241683288f33e6dd5e80e

                              SHA1

                              29fb9af50458df43ef40bfc8f0f516d0c0a106fd

                              SHA256

                              2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

                              SHA512

                              4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

                            • memory/1468-280-0x0000000074670000-0x00000000747EB000-memory.dmp

                              Filesize

                              1.5MB

                            • memory/1468-275-0x00007FFC91A10000-0x00007FFC91BEB000-memory.dmp

                              Filesize

                              1.9MB

                            • memory/1468-281-0x0000000074670000-0x00000000747EB000-memory.dmp

                              Filesize

                              1.5MB

                            • memory/1468-284-0x0000000074670000-0x00000000747EB000-memory.dmp

                              Filesize

                              1.5MB

                            • memory/3688-218-0x00007FFC73A70000-0x00007FFC73BDA000-memory.dmp

                              Filesize

                              1.4MB

                            • memory/3688-271-0x00007FFC73A70000-0x00007FFC73BDA000-memory.dmp

                              Filesize

                              1.4MB

                            • memory/3688-272-0x00007FFC73A70000-0x00007FFC73BDA000-memory.dmp

                              Filesize

                              1.4MB

                            • memory/4228-296-0x0000000000740000-0x0000000000756000-memory.dmp

                              Filesize

                              88KB

                            • memory/4228-297-0x0000000072870000-0x0000000072F5E000-memory.dmp

                              Filesize

                              6.9MB

                            • memory/4228-298-0x0000000004F80000-0x0000000004F90000-memory.dmp

                              Filesize

                              64KB

                            • memory/4228-299-0x0000000005800000-0x0000000005CFE000-memory.dmp

                              Filesize

                              5.0MB

                            • memory/4228-300-0x00000000054E0000-0x0000000005572000-memory.dmp

                              Filesize

                              584KB

                            • memory/4228-301-0x00000000054B0000-0x00000000054BA000-memory.dmp

                              Filesize

                              40KB

                            • memory/4228-302-0x0000000072870000-0x0000000072F5E000-memory.dmp

                              Filesize

                              6.9MB

                            • memory/4228-303-0x0000000004F80000-0x0000000004F90000-memory.dmp

                              Filesize

                              64KB

                            • memory/4228-283-0x0000000073050000-0x00000000743D3000-memory.dmp

                              Filesize

                              19.5MB