Malware Analysis Report

2025-01-02 12:14

Sample ID 240418-jcn1wseh34
Target https://drive.google.com/file/d/17fjzK6t0kbqjMVKzP7rb5zRX7N8GeMUl/view?usp=drive_web
Tags
asyncrat default rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://drive.google.com/file/d/17fjzK6t0kbqjMVKzP7rb5zRX7N8GeMUl/view?usp=drive_web was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat

AsyncRat

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in Windows directory

Uses Task Scheduler COM API

Suspicious behavior: MapViewOfSection

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-18 07:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-18 07:31

Reported

2024-04-18 07:35

Platform

win10v2004-20240412-es

Max time kernel

211s

Max time network

212s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/17fjzK6t0kbqjMVKzP7rb5zRX7N8GeMUl/view?usp=drive_web

Signatures

AsyncRat

rat asyncrat

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\001-CITACION DEMANDA.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3744 set thread context of 560 N/A C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\001-CITACION DEMANDA.exe C:\Windows\SysWOW64\cmd.exe
PID 560 set thread context of 3124 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\Browserfm_x64.job C:\Windows\SysWOW64\cmd.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578991098944887" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\sql_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\sql_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\sql_auto_file C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\sql_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\sql_auto_file\shell\edit\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\sql_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\sql_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\.sql C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\.sql\ = "sql_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\sql_auto_file\shell C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\001-CITACION DEMANDA.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2948 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2948 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2948 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2948 wrote to memory of 3740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/17fjzK6t0kbqjMVKzP7rb5zRX7N8GeMUl/view?usp=drive_web

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbe05ab58,0x7ffbbe05ab68,0x7ffbbe05ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4124 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3552 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4860 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:8

C:\Windows\system32\notepad.exe

"C:\Windows\system32\notepad.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\" -spe -an -ai#7zMap2205:156:7zEvent15854

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\blimp.pptx" /ou ""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 --field-trial-handle=1952,i,12829963019781514275,6144342236982654750,131072 /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\trial.sql

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\001-CITACION DEMANDA.exe

"C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\001-CITACION DEMANDA.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
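The process list above ends with the chain that matters for detection: the extracted 001-CITACION DEMANDA.exe runs from the Downloads folder, starts a 32-bit cmd.exe, and that starts MSBuild.exe with nothing on its command line. A signed .NET build tool started empty underneath a user-dropped executable is a common host for injected code, and it is the link an analyst should be able to find in endpoint telemetry. The detection logic below is an added example written for this page, not part of the sandbox report: it runs three rules over constructed process-creation events modelled on the command lines above. PIDs and parent links are assumptions (the report does not show them), and a benign developer build of a project is included as a control that must not fire.

```python
import ntpath
import re
from dataclasses import dataclass

# Locations a standard user can write to; the payloads in this report sit under Downloads and Temp.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\(downloads|appdata\\local\\temp)|programdata)\\", re.I)

# Signed .NET utilities that are routinely started empty and then used as a host for injected code.
INJECT_TARGETS = {"msbuild.exe", "regasm.exe", "regsvcs.exe", "installutil.exe", "aspnet_compiler.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed process-creation events modelled on the command lines in the report.
# PIDs and parent links are assumptions made for this example; the report does not give them.
EVENTS = [
    ProcEvent(1, 0, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(1000, 1, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument https://drive.google.com/'),
    ProcEvent(2000, 1, r"C:\Program Files\7-Zip\7zG.exe",
              r'"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\" -spe -an'),
    ProcEvent(4100, 1, r"C:\Windows\system32\NOTEPAD.EXE",
              r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\trial.sql'),
    ProcEvent(3744, 1, r"C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\001-CITACION DEMANDA.exe",
              r'"C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\001-CITACION DEMANDA.exe"'),
    ProcEvent(560, 3744, r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\SysWOW64\cmd.exe"),
    ProcEvent(3124, 560, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
              r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"),
    # Benign control: a developer shell building a project; MSBuild is given an argument.
    ProcEvent(700, 1, r"C:\Windows\System32\cmd.exe", r'"C:\Windows\System32\cmd.exe"'),
    ProcEvent(701, 700, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" C:\src\app.csproj'),
]


def _base(image):
    return ntpath.basename(image).lower()


def _has_args(ev):
    """True when the command line carries anything beyond the (optionally quoted) image path."""
    rest = ev.cmdline.strip()
    for form in (f'"{ev.image}"', ev.image):
        if rest.lower().startswith(form.lower()):
            rest = rest[len(form):]
            break
    return rest.strip() != ""


def ancestors(events, pid):
    """Ancestor events of pid following ppid links, nearest parent first; stops on cycles."""
    by_pid = {e.pid: e for e in events}
    chain, seen, cur = [], {pid}, by_pid.get(pid)
    while cur is not None and cur.ppid in by_pid and cur.ppid not in seen:
        cur = by_pid[cur.ppid]
        seen.add(cur.pid)
        chain.append(cur)
    return chain


def evaluate(events):
    """Return (rule, pid) for each link of the chain the report shows:
    executable run from Downloads -> cmd.exe -> MSBuild.exe with an empty command line."""
    hits = []
    for ev in events:
        parents = ancestors(events, ev.pid)
        if USER_WRITABLE.search(ev.image):
            hits.append(("exe_from_user_writable_path", ev.pid))
        if _base(ev.image) == "cmd.exe" and parents and USER_WRITABLE.search(parents[0].image):
            hits.append(("shell_spawned_by_user_writable_exe", ev.pid))
        if (_base(ev.image) in INJECT_TARGETS and not _has_args(ev)
                and any(USER_WRITABLE.search(p.image) for p in parents)):
            hits.append(("dotnet_lolbin_empty_cmdline_under_user_writable_exe", ev.pid))
    return hits


def describe(events, pid):
    """Render the ancestry of pid as 'child(pid) <- parent(pid) <- ...' for an alert line."""
    by_pid = {e.pid: e for e in events}
    chain = [by_pid[pid]] + ancestors(events, pid)
    return " <- ".join(f"{_base(e.image)}({e.pid})" for e in chain)


if __name__ == "__main__":
    for rule, pid in evaluate(EVENTS):
        print(f"{rule}: {describe(EVENTS, pid)}")
```

The third rule is the one worth keeping: an empty-command-line MSBuild.exe is rare on a workstation that is not building software, and requiring a user-writable executable somewhere in its ancestry removes developer machines from the alert volume, as the control event shows.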

Network

Country Destination Domain Proto
US 8.8.8.8:53 drive.google.com udp
GB 142.250.187.238:443 drive.google.com tcp
GB 142.250.187.238:443 drive.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com udp
GB 142.250.187.238:443 drive.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.79.84:443 accounts.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
GB 142.250.179.238:443 play.google.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 blobcomments-pa.clients6.google.com udp
GB 216.58.204.74:443 blobcomments-pa.clients6.google.com tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 84.79.194.173.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 17.143.109.104.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.48.227:443 beacons.gcp.gvt2.com tcp
US 192.178.48.227:443 beacons.gcp.gvt2.com tcp
NL 173.194.79.84:443 accounts.google.com udp
NL 173.194.79.84:443 accounts.google.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 227.48.178.192.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 192.178.48.227:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 31.73.42.20.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 accounts.google.com udp
US 192.178.48.227:443 beacons.gcp.gvt2.com udp
NL 173.194.79.84:443 accounts.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 melo2024.kozow.com udp
US 104.156.247.38:8000 melo2024.kozow.com tcp
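Most rows in the table are the browser fetching the Google Drive page, reverse (in-addr.arpa) lookups, and fetches from github.com and raw.githubusercontent.com; the pair that matters is the last one, a lookup of melo2024.kozow.com followed by a TCP connection to 104.156.247.38 on port 8000. The script below is an added example, not part of the report: it parses rows in the table's own column layout (a constructed excerpt of the rows above is embedded), discards resolver and multicast noise, and flags destinations that sit on a port the browser would not use or under a dynamic-DNS domain. The dynamic-DNS suffix list is a short assumption made for the example.

```python
import ipaddress

# Ports the browser-driven part of this detonation is expected to use.
EXPECTED_PORTS = {80, 443}

# Dynamic-DNS suffixes; a short list assumed for this example, not taken from the report.
DYNAMIC_DNS_SUFFIXES = ("kozow.com", "duckdns.org", "ddns.net", "no-ip.org")

# Constructed excerpt of the Network table above (same column layout: Country Destination Domain Proto).
NETWORK_EXCERPT = """\
Country Destination Domain Proto
US 8.8.8.8:53 drive.google.com udp
GB 142.250.187.238:443 drive.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 melo2024.kozow.com udp
US 104.156.247.38:8000 melo2024.kozow.com tcp
"""


def parse_rows(text):
    """Parse the whitespace-separated table; a row with no Domain column (the mDNS line) has three fields."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def is_dynamic_dns(domain):
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES)


def triage(rows):
    """Return (row, reasons) for rows worth an analyst's attention."""
    findings = []
    for r in rows:
        reasons = []
        if r["domain"] and is_dynamic_dns(r["domain"]):
            reasons.append("dynamic_dns_domain")
        if r["port"] == 53:
            pass  # resolver traffic: judged only by the name being looked up
        elif ipaddress.ip_address(r["ip"]).is_multicast:
            pass  # mDNS / link-local chatter, not a remote destination
        elif r["port"] not in EXPECTED_PORTS:
            reasons.append("nonstandard_port")
        if reasons:
            findings.append((r, reasons))
    return findings


def suspicious_destinations(rows):
    """ip:port pairs of actual connections (not DNS lookups) that triage flagged."""
    return {f"{r['ip']}:{r['port']}" for r, _ in triage(rows) if r["port"] != 53}


if __name__ == "__main__":
    for row, reasons in triage(parse_rows(NETWORK_EXCERPT)):
        print(f"{row['ip']}:{row['port']} {row['domain'] or '-'} {row['proto']} -> {', '.join(reasons)}")
```

Both checks fire on the same destination here, which is the useful property: the port check works even when the domain is not on any list, and the domain check catches the lookup before any connection is made.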

Files

\??\pipe\crashpad_2948_RDJERAMQUUGNODHM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 eb712f0619d9da24e68cc891bac90c6d
SHA1 3727023bc642e1695c2838859ce4f11a3ffa3719
SHA256 be441d76d382b48b2c95cd0e522667e8c359f763c32bd67cad99926129f3b787
SHA512 bbe819df7512b3d7dde26f19e146dbb9678310d56dd1c5d5e4eade90e853aa3362ab9da4330e6bcb703bef6180882c561de4c52816bd0d12d7d40f666305315d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3c8d5f441797adbf127ed7fba652e523
SHA1 f35c87cf26b2a75fc5f7a2d59fe43af9dedc4e3f
SHA256 113016f5a3b921db97ee4a1364cdb0f6fb929df2212bab9f26bd48c291f5b5b8
SHA512 f3a4c7b50cdea3012d5432dc48f204c316ec648109c81c74d06a09bec82c0577d756eb5e8ab73ad4f961e8955dd6436f3043537525f64c5057f7742161091a86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7816fbdda035d30e2322aa7f2aaae56f
SHA1 de3ee4a34374981d7f310eb182b94725ec370940
SHA256 e7165d9ba78fdc1cdde60e85d1540b84a824db8e6f10fc6c12a7c377a4145a35
SHA512 8e48af78363544295d5ff3d770dc14cffd31e09324d95e00fb3123a43adf8d6e696dad76dc04ec46d59d60fc6faff8bafde10987c18f01b3e7336efd5bee53e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d95b1d3b32165f2628ce652fadce7309
SHA1 0c14749656c55c191c46ca2d00620f44e3be3341
SHA256 c0f5183702e11feeb41b1ae72bdd7e4e0da5194bd1f98808778328304d947feb
SHA512 2b88aa8ddef678569afc30f422b835b161f6451c25cd66ec6dc889f469e86cd0f545a6fd238a6782465accbbd937159ee6afb5f6c37be613cbffb7f6ed1cfcfa

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO.zip.crdownload

MD5 510200d1c432d6d0538fd1d005b23fee
SHA1 943259ce65d69786ed189aaa3a16c6d13ce9bfa0
SHA256 723d4ca18ecd4846b847d0d9ff11296a71b7d59a759ff173e6e28ff99762d41d
SHA512 5fb7c424d2b16c90e7214e9419e31ea57ee296fd53ea871cf286d8729866ce6608b81f282fc1a02f15ce42a899eca854f1c320c0556ae1a3b8870af5e597d3b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f871cbf100017eab1370c0369453c01f
SHA1 54bf0b220e18b9146fdf5d4925da0832f6bf2113
SHA256 efacfb8db64d52b648298cbf7ceeb62be0f69f8bbdea76c4d4c38cfbe8ac9b6f
SHA512 a81db97e2497a25ecb55d67b7f4246a497571fca9fec964c22f85484aa33d64eabd4b78d84e05951e1ed36641d4e1540bb90762d0333de2a84f46edef897fd02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 601980585af64f731c151e8fa1543ec2
SHA1 5d2885dc98a9edf301ad4d3cc44f80dc39022486
SHA256 b8a01cd742e7ef6c96270d8b18d0e64805a5fe2b83c9351cc620c942834272e3
SHA512 57f0957d8de3eea99e8944100b220d6e9e66e680aeee6087d0a615b1571d58396292c2038e6551fbc69bb219767f9ec8bb68e51713af54583fda14d25884f378

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 71282c9e47da90548dba27f964ee32aa
SHA1 5179d9e3993628f7963a9237df6588fa3c25e189
SHA256 f2e0bef6114ca0e039ac0b96d5bd0af3c1483e959101efd0820a4d73229f1833
SHA512 367e5642e3fb9eea0fa62415a87371319007838c5eefff8de12a7ede81b6bc78ac3c15c6bad810f7da251931ca65507525ea595ebc919e5d209536b93be236fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 92f8a2f30f122c9dc6bedbd7c46673be
SHA1 d42e1d579ffe70ada666734629fc37874deb480c
SHA256 308cb549b01f7d0ddb5585f8e8cd827472cb01ed0dbdcfd4e480dd84bbb593ff
SHA512 f45cd8e51f01bd5f9dcc07d5dfccb87bb29ac39df033485157ab8bf9cf73378cda5f2ef48e15ba1be9d321b96919e538335d67619b2549f3d611e735056c1909

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e8ba.TMP

MD5 837de3dc0b7c8131810d1bc1a308fbc3
SHA1 8cf0137c1593755684193fa3569fd9502585691d
SHA256 cc93aba33a2cffee28ea9ac4e9c066b2755acbedcabc52e36aa57c6a7309ec91
SHA512 87fa0f3f9edac3224e2533d1c364a31e33a00d3a8a1bb487cbbbd550b3abdd7d1a0582a2198c7709381be590e9830f17483c0db0cefc7bdb89705cdd14d1eb00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 f53c90648e71f3c0f5f7eca8123cf608
SHA1 7f89137866bf01223e286419aa958bda10ba39ec
SHA256 a2dc6583fe7a2c4a290281932b6518243fb9469b1dd0ef30205236d976f6f8a0
SHA512 578a330da541ff1075cb9684588ec418b8c2735970c7e0bdb5a671f6457ffac79bf0251bde0eb08876795fabe3b8628edc4c9bc7d1a2e1a5acef2239294f9f14

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a759e29b27e3f4f3c2479afac0a37d0f
SHA1 ca48c640944744a9458076edc55990ce67fe4404
SHA256 1f35f0eb064db1a8daeddc481123e9b568bc61a09af9d21a11aca7724efabf73
SHA512 a9dbf4ee3b5d9b5ccea3f558bab63c821ab25988d14b34d5b8011703e30ebd0febbf7ac00ffc60147a6e463984a7771245573cb11b296ca89218e8cc5de45ee5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 78120f1d8d952e1b63a299040076e42b
SHA1 6f6e4dbe771dc4893e1c5eb1ecfe9d7429f08dbc
SHA256 a0c6e5ffc68420bef5ca8bf4bd3e9bc74e47237aadca03f647b949e2eb54b181
SHA512 661510ed6bd20158bd9fba12f7b9b8ab62b6ac3a71fbbc49bda9b9c54c27ff1b438655c735998a86d82770524332de09792b5f1c08ee212cf896ee7101814ade

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 235f7caf989577847fedcfdcb189024d
SHA1 839d2e403ea265754596526f2df650cea62781e5
SHA256 0186f6da322b0c892898b6496151d5c9a7a86249c75a23f32a6a08b116600416
SHA512 345868536d0c4f5d8c2fc9f66a762efa57a7ee9be62048b0588d50e1c630f628b45edaca297e21156175f48e9e5b55217cd9c44d91b574ac973e9a2414785bd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 411debe47381020de1415374927b899c
SHA1 c85574779a1e9a8119a6cb68546b2f33e8d17960
SHA256 a946135027f200cb65686754c7e94fcd8fe3f060a8dcf531086c5d8da2cd68b6
SHA512 e0d3551196a8a3e2c49751131991c29940e71978fd33417b51a0760b2daa246313e48b1078261c4dcacce39e16e5d06956e8a028f0ffca312ecbf06406cecf90

memory/4800-262-0x00007FFB8D450000-0x00007FFB8D460000-memory.dmp

memory/4800-263-0x00007FFB8D450000-0x00007FFB8D460000-memory.dmp

memory/4800-265-0x00007FFB8D450000-0x00007FFB8D460000-memory.dmp

memory/4800-264-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-268-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-267-0x00007FFB8D450000-0x00007FFB8D460000-memory.dmp

memory/4800-266-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-269-0x00007FFB8D450000-0x00007FFB8D460000-memory.dmp

memory/4800-270-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-271-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-272-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-274-0x00007FFB8B1E0000-0x00007FFB8B1F0000-memory.dmp

memory/4800-273-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-275-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-276-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-277-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-278-0x00007FFB8B1E0000-0x00007FFB8B1F0000-memory.dmp

memory/4800-279-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/4800-280-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\blimp.pptx

MD5 9b0a3c4ac5fbbc54414de7bddb6e4dd7
SHA1 6572ffa4f778a036277516b91ae2544e859d1881
SHA256 9563ff30632d17cdd810d4f51c24a22dabc960c3a1db2ee5f229dcf57cdb9ea9
SHA512 6c1927345ee034fc89d3e4f518c062006d032287d83c4895d74db3c75e2c3024566b1b39cea4df14a3c8e85d1020fa8659d84985069449da0efaa4a48c4b6c6d

memory/4800-309-0x00007FFB8D450000-0x00007FFB8D460000-memory.dmp

memory/4800-310-0x00007FFB8D450000-0x00007FFB8D460000-memory.dmp

memory/4800-312-0x00007FFB8D450000-0x00007FFB8D460000-memory.dmp

memory/4800-311-0x00007FFB8D450000-0x00007FFB8D460000-memory.dmp

memory/4800-313-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1be8b5f56096f08870d6ed930e36d207
SHA1 dce2ab558002b04465e07c858db297c367e029a6
SHA256 aba4ca62b1e083a7fb04e7aa1ef5a4c8fd42cad744cb0bfa58cc8e1dad1129f2
SHA512 06d84910af645d57a0c94aa861c48215b3ca3b1fb5ad894fb885363025e868633249e9d65688eb2a1ef2e7481a6586f5342ad17f84133cee5b3956e17c994b52

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\trial.sql

MD5 b1598a2de01a3fe5f932bb7c07e9de7c
SHA1 6ad9536e53a673812d66ce074319485ed5b72f60
SHA256 d7203568e3230c4b64e86f5f537165de7b539acf4d25805b085c93858b3bd27d
SHA512 d618b5e0220b6e6dd487bdbd6d375cafbc02de1298c31364bcd4891d1b97795cf5a133f529c50a9c5f48003303a8c477d087c635720b25724931c6e3b94a9d08

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\001-CITACION DEMANDA.exe

MD5 a2d70fbab5181a509369d96b682fc641
SHA1 22afcdc180400c4d2b9e5a6db2b8a26bff54dd38
SHA256 8aed681ad8d660257c10d2f0e85ae673184055a341901643f27afc38e5ef8473
SHA512 219c6e7e88004fad9f4392be9a852c58fc43b7f6900e40370991427f37eaea5c18f48d2954f9479dde8bcb787345f4e292d5620add8224aec4d93d7968820b83

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\rtl120.bpl

MD5 adf82ed333fb5567f8097c7235b0e17f
SHA1 e6ccaf016fc45edcdadeb40da64c207ddb33859f
SHA256 d6dd7a4f46f2cfde9c4eb9463b79d5ff90fc690da14672ba1da39708ee1b9b50
SHA512 2253c7b51317a3b5734025b6c7639105dbc81c340703718d679a00c13d40dd74ccaba1f6d04b21ee440f19e82ba680aa4b2a6a75c618aed91bd85a132be9fc92

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\vcl120.bpl

MD5 c594d746ff6c99d140b5e8da97f12fd4
SHA1 f21742707c5f3fee776f98641f36bd755e24a7b0
SHA256 572edb7d630e9b03f93bd15135d2ca360176c1232051293663ec5b75c2428aec
SHA512 33b9902b2cf1154d850779cd012c0285882e158b9d1422c54ea9400ca348686773b6bacb760171060d1a0e620f8ff4a26ecd889dea3c454e8fc5fa59b173832b

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\Register.dll

MD5 666b1dcd5010d1318f5cd86bd805a6b0
SHA1 35e057aff75a4fee0c7845bda46dea0b86a4d831
SHA256 181041b08549687be4b907807bc4610b99bafac419bf401dfbe885d6318bef14
SHA512 7efe011fb8a31c99d3ac7942dc7a4f244dfa56855c08ef4416b3bb3845f81c5f3b186b5d4ef2a63900906c6c2bcc6f8b67f388cca2a1f48448496e9e9ee58ac5

memory/3744-335-0x00000000027E0000-0x00000000028EF000-memory.dmp

memory/3744-336-0x0000000002310000-0x0000000002311000-memory.dmp

memory/3744-337-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/3744-338-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/3744-344-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/3744-345-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/3744-347-0x0000000000400000-0x0000000000421000-memory.dmp

memory/560-350-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/3744-351-0x0000000050120000-0x000000005030D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\b5f8bef8

MD5 38b94744e8c085a8c5eb8e68c9261a7c
SHA1 fe921e1659e370a8d8d5feca238d435d8799ef9f
SHA256 d1b04ac3bd0c774d12cc137f08385b31ab3ace83a46e8907889683e6b4cacd10
SHA512 fd3b3aed22e24649627113175a5b6208c6613f8b3d5351296d9047cfecad10173b56546451db90621594acb0cfa9f268154634a853d179b239ca5f46d295f8f0

memory/3744-352-0x00000000027E0000-0x00000000028EF000-memory.dmp

memory/3744-348-0x0000000050000000-0x0000000050116000-memory.dmp

memory/560-353-0x00007FFBCD3D0000-0x00007FFBCD5C5000-memory.dmp

memory/560-354-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/560-355-0x0000000074A50000-0x0000000074BCB000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a0483ec1cdadd50599995434eb52b0ec
SHA1 bf1d88b938e8092bf28990731cbc8f9bc0f986db
SHA256 f3a624d398cc80f117b6a5d363a9c225f0acab01abe991672ef450af4ac8ccd6
SHA512 c7430b979c0748a33e59cfdc540461c9682bf2e116a8d6b783dc5c8244e3276c08a7434033c0cd104e69a96c99cb25e915eb181298d1bc9c39909a9dde207c82

memory/560-367-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/560-368-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/560-371-0x0000000074A50000-0x0000000074BCB000-memory.dmp

memory/3124-370-0x0000000072EE0000-0x0000000074134000-memory.dmp

memory/3124-374-0x0000000072730000-0x0000000072EE0000-memory.dmp

memory/3124-375-0x0000000000B20000-0x0000000000B36000-memory.dmp

memory/3124-376-0x0000000005070000-0x0000000005080000-memory.dmp

memory/3124-377-0x00000000058D0000-0x0000000005E74000-memory.dmp

memory/3124-378-0x0000000005510000-0x00000000055A2000-memory.dmp

memory/3124-379-0x0000000005500000-0x000000000550A000-memory.dmp
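The Files section mixes three kinds of records: Chrome profile files rewritten while the page loaded, memory dump ranges (no digests), and the files that matter for hunting: the downloaded archive, the extracted 001-CITACION DEMANDA.exe with rtl120.bpl, vcl120.bpl and Register.dll beside it, and the file written to AppData\Local\Temp\b5f8bef8. The first record is a trap for anyone bulk-importing digests: MD5 d41d8cd98f00b204e9800998ecf8427e and SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 are the digests of zero-length content, so the crashpad pipe entry carries nothing worth matching. The parser below is an added example, not part of the report: it reads the section's layout (a constructed excerpt of the records above is embedded), classifies each record by location, drops empty-content records, and builds a SHA256 lookup that can be checked against bytes read from a suspect host.

```python
import hashlib
import re

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$", re.I)
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Constructed excerpt of the Files section above (same layout: path, then one line per digest).
FILES_EXCERPT = r"""
\??\pipe\crashpad_2948_RDJERAMQUUGNODHM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 eb712f0619d9da24e68cc891bac90c6d
SHA256 be441d76d382b48b2c95cd0e522667e8c359f763c32bd67cad99926129f3b787

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO.zip.crdownload

SHA256 723d4ca18ecd4846b847d0d9ff11296a71b7d59a759ff173e6e28ff99762d41d

memory/3744-347-0x0000000000400000-0x0000000000421000-memory.dmp

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\001-CITACION DEMANDA.exe

MD5 a2d70fbab5181a509369d96b682fc641
SHA256 8aed681ad8d660257c10d2f0e85ae673184055a341901643f27afc38e5ef8473

C:\Users\Admin\Downloads\CITACION DEMANDA JUZGADO 001 CIVIL DEL CIRCUITO\Register.dll

SHA256 181041b08549687be4b907807bc4610b99bafac419bf401dfbe885d6318bef14

C:\Users\Admin\AppData\Local\Temp\b5f8bef8

SHA256 d1b04ac3bd0c774d12cc137f08385b31ab3ace83a46e8907889683e6b4cacd10
"""


def parse_files(text):
    """Group each path with the digest lines that follow it; memory dump records have no digests."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1).upper()] = m.group(2).lower()
        else:
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def classify(entry):
    """Bucket a record by where it was written; only user_artifact records become IOCs."""
    p = entry["path"].lower()
    if p.startswith("memory/"):
        return "memory_dump"
    if p.startswith("\\??\\pipe\\"):
        return "named_pipe"
    if "\\google\\chrome\\user data\\" in p:
        return "browser_profile"
    if "\\downloads\\" in p or "\\appdata\\local\\temp\\" in p:
        return "user_artifact"
    return "other"


def empty_content(entry):
    """True when the record's SHA256 is the digest of zero bytes (nothing to match on)."""
    return entry["hashes"].get("SHA256") == EMPTY_SHA256


def extract_iocs(entries):
    """SHA256 -> path for files written to user-writable locations, skipping empty-content records."""
    iocs = {}
    for e in entries:
        sha = e["hashes"].get("SHA256")
        if classify(e) == "user_artifact" and sha and not empty_content(e):
            iocs[sha] = e["path"]
    return iocs


def match_bytes(data, iocs):
    """Return the report path whose SHA256 matches data, or None."""
    return iocs.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    for sha, path in extract_iocs(parse_files(FILES_EXCERPT)).items():
        print(sha, path)
```

Keying the lookup on SHA256 rather than MD5 is deliberate: the report lists all four digests, but MD5 collisions are cheap to construct and a hunt that matches on MD5 alone can be steered by the adversary.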