b7cb43f20804553c4f1d29619322af2c67614f1a19848bcd57b3d97f05e43e10

Analysis

max time kernel
187s
max time network
276s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08/06/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Correo de Unidad de Gestión Pensional y Parafiscales - INCIDENTE PRECURSOR_ Fwd_ transacción realizada.pdf
Size

182KB
MD5

c18573e3d356c9c3684bdb38c82d2191
SHA1

0ec480f2801a35521f4d5e09808b421dea6b1806
SHA256

b7cb43f20804553c4f1d29619322af2c67614f1a19848bcd57b3d97f05e43e10
SHA512

246b36cedd45ad99115d66c8a57ca1180cca98abbfb2814a11f138ae90e1acc4c0adf0cd880e45687686965bf0502f70720969fa37ac0a7c65dc280c7a1c9f46
SSDEEP

3072:bvnZUSiAW4fPy4MQo5uZarqs/jPlGroavoCzMJORcG51SGL/hsILT3u:DnaD34ny44Qar//krrwe3jSGL/hs4Lu

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe
3412	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Kkdxmklcb = "C:\\Users\\Admin\\AppData\\Roaming\\Kkdxmklcb.exe"	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
5	drive.google.com
6	drive.google.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1996 set thread context of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 60d27ae73eb9da01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{23E140E1-2532-11EF-9BF1-5630532AF2EE} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003d000000900300001d020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
492	AcroRd32.exe
3412	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	692	7zG.exe
Token: 35	692	7zG.exe
Token: SeSecurityPrivilege	692	7zG.exe
Token: SeSecurityPrivilege	692	7zG.exe
Token: SeDebugPrivilege	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe
Token: SeDebugPrivilege	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe
Token: SeRestorePrivilege	3804	7zG.exe
Token: 35	3804	7zG.exe
Token: SeSecurityPrivilege	3804	7zG.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2348	iexplore.exe
2348	iexplore.exe
692	7zG.exe
3804	7zG.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
492	AcroRd32.exe
492	AcroRd32.exe
492	AcroRd32.exe
492	AcroRd32.exe
2348	iexplore.exe
2348	iexplore.exe
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
3412	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 492 wrote to memory of 2348	492	AcroRd32.exe	29
PID 492 wrote to memory of 2348	492	AcroRd32.exe	29
PID 492 wrote to memory of 2348	492	AcroRd32.exe	29
PID 492 wrote to memory of 2348	492	AcroRd32.exe	29
PID 2348 wrote to memory of 2852	2348	iexplore.exe	31
PID 2348 wrote to memory of 2852	2348	iexplore.exe	31
PID 2348 wrote to memory of 2852	2348	iexplore.exe	31
PID 2348 wrote to memory of 2852	2348	iexplore.exe	31
PID 2348 wrote to memory of 1644	2348	iexplore.exe	33
PID 2348 wrote to memory of 1644	2348	iexplore.exe	33
PID 2348 wrote to memory of 1644	2348	iexplore.exe	33
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 1996 wrote to memory of 3412	1996	DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe	42
PID 3880 wrote to memory of 3892	3880	chrome.exe	45
PID 3880 wrote to memory of 3892	3880	chrome.exe	45
PID 3880 wrote to memory of 3892	3880	chrome.exe	45
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47
PID 3880 wrote to memory of 2808	3880	chrome.exe	47

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Correo de Unidad de Gestión Pensional y Parafiscales - INCIDENTE PRECURSOR_ Fwd_ transacción realizada.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:492
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/uc?id=1K1uSrqftQ02Z1cUcQ8drycg750iuvaRt&export=download&authuser=0
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2852
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.rev
    3⤵
    - Modifies registry class
    PID:1644

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2316

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap15773:178:7zEvent2640
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:692

C:\Users\Admin\Downloads\DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe
"C:\Users\Admin\Downloads\DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\Downloads\DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe
  "C:\Users\Admin\Downloads\DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3412

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap2130:178:7zEvent2073
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5729758,0x7fef5729768,0x7fef5729778
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:2
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2084 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2116 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1460 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3728 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2140 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2172 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2116 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3968 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2284 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1968 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1308 --field-trial-handle=1392,i,13573548203937882519,8377890267918083792,131072 /prefetch:8
  2⤵
  PID:1560

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2964

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap18329:178:7zEvent2750
1⤵
PID:3176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\nhdkkri\registros.dat

Filesize
172B

MD5
6f780e8bbb034eb30d283abf9e860372

SHA1
3d07504d2bc89a15cc2e7ba1e46bf9c443fa70ed

SHA256
96f23fc027b3efcc3a73b9bc70dbf9732d1f8939c6d22d148488801af590aebd

SHA512
0c26796d33d44c9fdd13027628b8f8c5a28aa87717b3e54de0ed3301e9193a98deb5f42715bd245d3740345f9fd4c91037445c8a94b8f5a594da180a228edda1

Download Submit
C:\ProgramData\nhdkkri\registros.dat

Filesize
778B

MD5
942d2e7914b1da31488c5e8b64e10462

SHA1
4db5881088590ad7c7b34e0d7a3d8e43e248af19

SHA256
e67b1256e5d328d92194dd613b1ab530d2f79d2858f0e4767f938d63d0551ac7

SHA512
d4fe42e28cc2b61727d6df333bb998b7e9692afa032de7f13368201deccf1ce9214b2f9f5cf47b1394fd61e7d591b5f0940ac9b4186964103afe11751de2e6c7

Download Submit
C:\ProgramData\nhdkkri\registros.dat

Filesize
1KB

MD5
ae92f7608e5baf82339cd9d620ec0997

SHA1
6133b3244097dfd5745da0c07ebcaa939b45e1d1

SHA256
fba8e7f4ca534e8b3eed5f66bb6d84d315580fe70de7d3f8f7cf2dbd4dcbf06c

SHA512
ae18b8f08b92953abe14f41e9acb37b2ab939c79ca335782a8370edcc7a007658e72d0a60b029857cd70f3d0c0aee828868a866c1c87b883cca25b3255a83184

Download Submit
C:\ProgramData\nhdkkri\registros.dat

Filesize
1KB

MD5
0e31238b51332f33e0a4524ed16b9bde

SHA1
21f720e51f909eef515b427e37dff7265ff6b5f1

SHA256
ec919e2e038d23ff693f18b3d778c3bbece3cd59ce0cd2a68210d2cd201fdbfc

SHA512
43a388b3ca17954211b5142c93cbc1a91921353e56b20853086ead85ec07eed37d961f34e4385143999fd858a1dc5258a7dbe5a96eb01d35d8bfeb7a296d0d8a

Download Submit
C:\ProgramData\nhdkkri\registros.dat

Filesize
1KB

MD5
8780b8dccb2686acdd5c0324d6d58a5e

SHA1
85c5c8760d3fe070d57f14c443fcfbf4fd69825a

SHA256
186c4986a901adeb8185cfc8d6751bae08ef3a185e24effc3ca3e5455ed3463b

SHA512
68b4807cad908864c72115bef9276bea85cf7afbca69342724abee7230fd760efe0324e96a82c062fea007780be9d6b5409c342c369473872410984ab8d78a56

Download Submit
C:\ProgramData\nhdkkri\registros.dat

Filesize
2KB

MD5
e1353a8c37158cb0e3d974a873689329

SHA1
d77254b476ba1d0c9c1881dacb8d423966d00ea9

SHA256
4a38d23ff1b1e51b217d1120b4aa25f0d468413f1a1cfc3302712caa1fb95c7f

SHA512
3d52fad899ae9f2f8ce1a4cefeb609f1e1d9db89587649f30ddfc9d64a9b04ec66848d4eb51a3e93bd196b0bc5badbf11d7f7b52563d8cfa2efb4d928e16838f

Download Submit
C:\ProgramData\nhdkkri\registros.dat

Filesize
3KB

MD5
87b2c9e85a868f095ce91764801c6fe9

SHA1
4d4115f583098e74a0d15eaed6bbda34d1bbcecd

SHA256
f9a6db8b623f426d6f6c37d3a9a2ebc62d8f2e2d80d8fe1b85e711516c6de935

SHA512
f7fa678028f6ac69df3aec58290b728780b45c43be1f13a814d09b2afa400b5e865f1044f1bfcde30b7a8baec139664536faeaae3bff88bda11329a39a687bf0

Download Submit
C:\ProgramData\nhdkkri\registros.dat

Filesize
3KB

MD5
7731996902b87fdd1efea17b33889d5e

SHA1
7e97e7ff87dfa4da2140c9e5c00a9d2255da88d0

SHA256
59379111a2b2dfff37ee080b4bd85dc16cf036e331c4d079f4cdc5952095fd3d

SHA512
a23062956fe29d2c1612aca2a1f468c57d69a6183fd00e9b1f11d0c00cd87d3215e6415a8c2cb74a809343ba66ba9d1a30db51197e34d0f60d4acdf97b645809

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
1b60990e019caf9d03a5d0bcc892a617

SHA1
eafda08a096e380f97bc25490166f0903aa8708a

SHA256
473f18132fa79c96620100102c8d70d72e39f06ffd2f77370f380818e82bcaa2

SHA512
85ed7a26041d7cbf3ab43240dffeb740596f77d85993c6113025b36604e99ce4492800fffe5c8565b6a54c5b078af212ceac3829c8d72edd3c39bf9ace7cec63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

Filesize
471B

MD5
3295ab4b88c1b3d7d520598b829f3eb3

SHA1
f72f10b45cbdad85b76f58a3483835f20a9ee20e

SHA256
50d84f0600285f214d6c9a5178ea3f6d6f7c8d050045e61c29544e62754aec39

SHA512
c8c4f13a6a0560ffb6bead067914fce228cf04109c85eef2631395beeb78c6057f3f21c9b6b21665e19678280eedafabf2024c121df20038e6b6f5a94468ac9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
513bbb4427a2f34f0e5f671986952c8f

SHA1
2a60943436b448af62a8ebec47665a76d852d581

SHA256
32aba6cd38317f3fd9d3237141c0aca7b4d330847bc39cd048794525653e12db

SHA512
03263de237a83db5efe3f2f444651af8ccafc13e0fb427240c673e2b6dfaa9169d161728085bdbc7c5fbf4cd35e732a5e6ec3d6329bfbb67e396c679ba3d01ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7df6a683bb011bcf2fb4d0ad5e4ec412

SHA1
ae728927eebef3d1567c568ed4610b74f99ac16a

SHA256
5fef2931996f7e6a1c137207b2cd7c62f49667c218cf39981750c640ff60c1df

SHA512
62a3daa6ae9a661785661f35428da7705717c6a6c6a2161c87c4747760700967d5b5df18d2f6a6c882200a5e3780d20ed2010088dc971858351be4112e9cdf08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

Filesize
406B

MD5
be56497b871174383e17742a41191166

SHA1
9892906730007da2da096f021324864429b82de9

SHA256
52ac322457a3bfc8fe5d4c69f977ef4f8db5c166c379fe73fe34a2e047c3c8e8

SHA512
a787ec9f64b07be289d30bfe861afd3049fb35582a4e4a4eda7bc84523a23daddbadedae945b8c3d839fc8e7ebf7d92c8f470593224bcfdab46afcf2573258e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
1d73b4b7021721cf9e5ee96416031cb2

SHA1
d32dde40a5d341740a631114625689398e42455b

SHA256
36e85283de31965061917ab4af3352da1bd640ef48de76bdf7dc47b8230ebec8

SHA512
e4c5ddc880b4e81964871ea3a7dab6006f511680c1252f7621e1155ab4cb236d0c9a1e1e8616ee195926e69ffbe5841360d818c2f6126b8e87ba92d8d79912a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1154f2d4f20725499354da3bbc93a571

SHA1
90ed7fe49b7931bdc540b93856f7aab27d5d5481

SHA256
bfc195ca5e0fecaae18dbcfe07c6d943b546e73a33048f6e30079391288c425f

SHA512
4f36ca83ae65cb073ef7c297bfc63452c7f1cbf3fd0768b3566f4fd967e04fbef2e8615f9c4d4b30a1e0431155db605a6141ff10eede56a6dfa966e9133058a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\47a03f04-8fc6-4bd0-bbc4-4ddb13d1967e.tmp

Filesize
285KB

MD5
f23221f1f616c0486fe894f2fc2377a5

SHA1
a2cb2a7bec7f528c9c5e21c0cbc520e6ac7b6401

SHA256
0333d22f3c6c8556470d05cf57dfd96a040d368d1988a6ad9e78c9636fb47e8f

SHA512
48246c0ce36a6bef62d7ec71b31fe8414142629c4ee6294391301680d783df1a3319eeb61525508715b712535e0718acf9a3c97828748457aaeedb4a18e3cf84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4ce5dcf0-7715-4fa8-a207-0b700ad360bc.tmp

Filesize
7KB

MD5
005e5fddb9c9ef1516dd185baded1c65

SHA1
12117ade9e55538f50621bfa10a780f9b30ac886

SHA256
a277d977945bae75af40a2e65cb3b88c7b9d1655ed22b01c9f663691cc7ac357

SHA512
7e354932122ff06a4ee4e8effa1ded1cf006d3437e2ac495e8ab1b93316646e58bdec5e30adbfd4909756057567b1fcbe43e59a794fefab16c5f7b8a6402be15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
512KB

MD5
ddcffefac58f205ea194e1612e7c22a7

SHA1
4db6276eccafc0030490f970824b55dc327bfebd

SHA256
5f12968474e2995c485a2c256a9819dde04e78b6a13aacadfba935ed7970234a

SHA512
4b8561f2bbc596382e9c22515354b94df9613844a2c6b6736dd7c1f6c51305e235c58160d8e5b3d6f5fa289dc55f6fd675332e4a13d07fd35282d61e227adc13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7897ad.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cf0175c79bb5223a24040f6df710bbdf

SHA1
aa5eeefc7bd86965105a71709a541bbd57920c95

SHA256
ea42707ade59c5e97d40fb985bf9d6d9dabbc76b56b59eb92795d455ba6c832b

SHA512
6271bc5b356cd6e797a574af9d4cec8db5ee8ba1e663916baf40e4d518b43bd4741cb648441cd7f4653933808810ce82953f88e4c15c07cc8abb0022d9ffe276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
daa3d056b2f64d1df6363ec6d9e98022

SHA1
f1f495226e59a7a1fdb6610a5775ff7d8f488a5e

SHA256
3bc0efbf6e5ac999c761b884b531d6c8afbf3c557e8bdf8a3d4cbe1290653af0

SHA512
97c6b4a80ce6f7228f4928215b450b714d01e3e1d358ee7c539437e012aefbe2b3daa5e6422a68d7aa9a9f52c7e30c45662c0cc7641ad476009350765c2c9c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
47406095b6c904e9b40907fe860ab52d

SHA1
f352af1b2aa9187669fc266ad9d7464cdccba008

SHA256
926997fae5261ff1bd0eb48821b692b6bcf5ef1ed4c0c73a0f05cc56f4d53865

SHA512
2ad6f2cc1c17abb0f2e1add4f24ac06c608daf20c326f14512a2e53e1f59b59cc9555c203ae2c84b6546ee0961d98d9d04bc05e7d6a6377ede78af1bf1f51af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
583efa6ecbf6c40a122f263b8c468bc5

SHA1
945f60ffd6446055adf76fef31287e77e4be6798

SHA256
1d8df0505c8d09551590b72a29f099a9bf4b619884cd2280eea80ffac415e630

SHA512
189d17b63d2feec9ec489fea160950a2fc4c9d107fbcd25786c9e976c02fbfcb565bb451d264c68f3c0036159187dd6b90a108e811f40db87817a24e9f47a131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1b42186d80b3b61ea2a822e9236593b1

SHA1
0611df5d06513b0c66904902de28f1c73d5a46bd

SHA256
bf5b8ca079ca78807bbfc93df62d26699345e045becadc0093301bf9cb2aa615

SHA512
175bb44245de394625052e58f296ffd8931feb82cafee0cf182f27c14e53918fb6f3a96be3877a064057b114f51a566088c08b871659458a32eff42d7bed4992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5b3e424bf64a130b5a440047b3b87640

SHA1
248bfdd9a86d1b115805e0df0d5a069a7b13efab

SHA256
8ea3b0215cb0e28b57bd5ee260da05f9aa53c7e008f8235e83e60c6f5262c7e0

SHA512
9d893849714da0598b2257fb7e2ad85ce9e68c41f7ed42393b6550567f28d0abdf5229dd75710ab384623b823cda507d22cfd11e7a75e726cac65285848fea7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
3a56386d1ce3927ed5bae3d4335355e8

SHA1
b40f1bbe70b9a87577938f71810bb84b01079f3e

SHA256
8ab1f08cab01fd2709b767b24deefa605b73f165ea8d39567ab68ead71f22dad

SHA512
0934f2219f352636a7ff929131a369c19aa354ee1083e967e75271736ad1215f8e09f00eb39b1f6efe30f5e16421a6bd514cefc94d9fe1332975249730151fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\DOCUMENTO%20CON%20EL%20COMPROBANTE%20DE%20PAGO%20No-555502215651544141[1].rev

Filesize
2.0MB

MD5
069318d0b501974c596a418c508e9970

SHA1
92cef9425286a1b99d0e855c1cf4366727dda57d

SHA256
48385f21671a3d5922e6f7549fd515a3f132641947637d886e3f44dc808ad099

SHA512
935c1415c0b4045612bd889f2cb8ca7ce860de928c23921848e4d3a8ce35d693f77964be06da78b28529ea869c9c23e5dd9136f56004477479f5dd5f7b7ccc9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab982A.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9C18.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
11ae8afdfb0e043d8ad09df0e62543d9

SHA1
169cccb36a3efe57bfdfb76e31fd2dc4b2621966

SHA256
304d9e90ea74257002af68ff9bf9e41cc4322a450e8229c00829381426f9bb1b

SHA512
315153f13c60d560d7cbda79e861d09d72ee8d6d00f9f31ec53c678388704fa6726a920300603ef262e502451d5fbd2ecc549afaf19a23d73702f41f5da7fceb

Download Submit
C:\Users\Admin\Downloads\DOCUMENTO CON EL COMPROBANTE DE PAGO No-555502215651544141.exe

Filesize
4.8MB

MD5
c2d0d5c27e3c4fc38306703c78051eec

SHA1
0db365db36ed4990906b456fd914c7ec3091d89d

SHA256
46dd6d0c0e05b3bccaf2a6b44cc2fc77f02e693eae0ea566631211d0ebb56535

SHA512
c25191caf75e9e320221a52385d118d76b71f97e0b34dd5452ad27281dfecbca85417562d0d91c842f52243c22461035e60e6f3fec24b8cd951e27d491791af3

Download Submit
memory/1996-109-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-4954-0x00000000067C0000-0x000000000685A000-memory.dmp

Filesize
616KB

Download
memory/1996-4956-0x0000000000F50000-0x0000000000FA4000-memory.dmp

Filesize
336KB

Download
memory/1996-4955-0x0000000000E00000-0x0000000000E4C000-memory.dmp

Filesize
304KB

Download
memory/1996-69-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-71-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-73-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-75-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-77-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-79-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-83-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-87-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-89-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-91-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-93-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-95-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-97-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-99-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-101-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-103-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-105-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-107-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-111-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-113-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-115-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-117-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-119-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-123-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-125-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-127-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-129-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-131-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-121-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-85-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-81-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-68-0x0000000005E80000-0x00000000060D8000-memory.dmp

Filesize
2.3MB

Download
memory/1996-67-0x0000000005E80000-0x00000000060DE000-memory.dmp

Filesize
2.4MB

Download
memory/1996-66-0x00000000012E0000-0x00000000017AA000-memory.dmp

Filesize
4.8MB

Download