hxxps://cdn[.]discordapp[.]com/attachments/1260738968887230494/1261306800230367302/Blank-Estudiante[.]rar?ex=66927aff&is=6691297f&hm=d477246528115f1c269dc2295c5414450d48afaaecd25318405fccd53853b14b&

Analysis

max time kernel
375s
max time network
367s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
12/07/2024, 14:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1260738968887230494/1261306800230367302/Blank-Estudiante.rar?ex=66927aff&is=6691297f&hm=d477246528115f1c269dc2295c5414450d48afaaecd25318405fccd53853b14b&

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Blank-Estudiante.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3808	msedge.exe
3808	msedge.exe
2320	msedge.exe
2320	msedge.exe
3896	msedge.exe
3896	msedge.exe
2424	msedge.exe
2424	msedge.exe
4688	identity_helper.exe
4688	identity_helper.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2652	7zG.exe
Token: 35	2652	7zG.exe
Token: SeSecurityPrivilege	2652	7zG.exe
Token: SeSecurityPrivilege	2652	7zG.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2652	7zG.exe
1196	AcroRd32.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1196	AcroRd32.exe
1196	AcroRd32.exe
1196	AcroRd32.exe
1196	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1344	2320	msedge.exe	78
PID 2320 wrote to memory of 1344	2320	msedge.exe	78
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3804	2320	msedge.exe	79
PID 2320 wrote to memory of 3808	2320	msedge.exe	80
PID 2320 wrote to memory of 3808	2320	msedge.exe	80
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81
PID 2320 wrote to memory of 3676	2320	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1260738968887230494/1261306800230367302/Blank-Estudiante.rar?ex=66927aff&is=6691297f&hm=d477246528115f1c269dc2295c5414450d48afaaecd25318405fccd53853b14b&
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd26b3cb8,0x7fffd26b3cc8,0x7fffd26b3cd8
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,1796922396658126951,3510785400561229459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2480 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:868

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Blank-Estudiante\" -spe -an -ai#7zMap17581:94:7zEvent32215
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2652

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\System\Antivirus.txt
1⤵
PID:1148

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\System\MAC Addresses.txt
1⤵
PID:1896

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\System\System Info.txt
1⤵
PID:1456

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\Credentials\Chrome\Chrome Passwords.txt
1⤵
PID:3336

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\Credentials\Edge\Edge History.txt
1⤵
PID:3600

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\Games\Roblox\Roblox Cookies.txt
1⤵
PID:2872

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\Credentials\Chrome\Chrome Passwords.txt
1⤵
PID:3188

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\Messenger\Discord\Discord Tokens.txt
1⤵
PID:2192

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Blank-Estudiante\Common Files\Desktop\Actividad 24 DE MARZO.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1196
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:4428
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9F9DBDB8F1646D22A832951D6D5851FF --mojo-platform-channel-handle=1780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1724
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=93243654E35DBFD64E108CAF87BAD035 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=93243654E35DBFD64E108CAF87BAD035 --renderer-client-id=2 --mojo-platform-channel-handle=1808 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2880
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CA9757EBC95DF370F97FB14C3FDCCBC9 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1044
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C383D39F2E1E8574EB40842801963FA2 --mojo-platform-channel-handle=2472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:996
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=98599D07C3B4243DE488FD14DCDE3239 --mojo-platform-channel-handle=2448 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:740
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=55DAE88A90514A72BB3635F16BE7225D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=55DAE88A90514A72BB3635F16BE7225D --renderer-client-id=7 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2540

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{5AAABB05-F91B-4BCE-AB18-D8319DEDABA8}
1⤵
PID:4784

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\Messenger\Discord\Discord Tokens.txt
1⤵
PID:3256

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Blank-Estudiante\System\Task List.txt
1⤵
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240712140533Z-163.bmp

Filesize
63KB

MD5
9ac294a51823dcdee20fe3cc85425bb3

SHA1
0a5d708977cb5803c6fa79c543728c4c937174bc

SHA256
41003bbcc8f3acddc708da40710fcb2f4651dea54590bf33941492ee576ae486

SHA512
7bed6a5edc97bbdab0f3bd75a3d6686de4090c486b8343482141f7cecd42a040444922b65acdf565434c314f3e70e117ae66cbf9c7af4a64f886bfcf9e9a553c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc52695a78aa4e8734d73b7446ba59d1

SHA1
15dfb5759ff566206ebd6b8a864e9e43182d7f44

SHA256
fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e

SHA512
dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce971e4ab1f7a51b5b9def5887018d15

SHA1
2f280b61a4c3297a3129d59b84ae971e90fdf9d9

SHA256
12e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b

SHA512
5358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91ba286624c4fd441504e42567073224

SHA1
0d7a5ee7679c35f33e0de1465b4b42ea694f66fd

SHA256
e91d5d19254309702701c4eafa5b776f7b1410f3bfc16699da2c8d3ea71d4af2

SHA512
f37b6bf18673a8957a02820089462c4d37d4d6023f0a574f04de6279b272d712ef013397780f50ae918ad5c909aac790158c0ae1db4abf53b9054867e17b41cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9504399f6af1bbcf5f12a79e203500c

SHA1
b8256bdaf269a17127b5dfe298442feab80332a0

SHA256
babc1ae514bc14a6939de6c00930b021e0c9d570030b6ea6e013413a2b48a753

SHA512
d3bbe896da313e2057324b0e35a33b2a23e9e9c63ae9a10c4e3b766d8eb3a065b4e7bcebd5d0f386d20bee0b6ed6e1455f57317e20ddbe577e2efad73cf2a6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cec0c291f301b7a3ef4942606c791577

SHA1
42441b0f721136aa95a3302feb6c526847435c75

SHA256
dd8332e62287b03ec683a00aca5aafcf30f7576754133e5ed3447f6bfb89aa5c

SHA512
60950ef8c95b50b3acbb9b98ec377c3fc63597cdfdc55b4187b5a1bc80bfba568250cee608b47f1f9e328a947d5cab29da9aeb974bddbe3c3288ca14a1966d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fdbe4af6f860fc8c191f2c864d6a6f19

SHA1
849b968d4c397eefb7ef008055ed85acbcc790f8

SHA256
1b2c1a5debb592118c0589838c097b78e635403de1b31ea92d11fdb9889b19c3

SHA512
5bd0dd44f203c3ce6610a1241ed0c31627cd022ed7340915db22d0fed83fcc11a3dd283a0fe0c9e37af09704a3985c07869298a5c6a73bf9978dd97ed52444f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
159540eb28aff24f8ed15b6e3fdcef2b

SHA1
7a086bdc13dca05f40619bfbdc34e865df994f84

SHA256
094f9ab4ae079a6abe2f09347f3e3e9aeed9998466c3e1cc7e922625dd3ca87c

SHA512
e80d6eb51c3ab135bf871ee884afa5b95d0319068ee63f80165fe9aa5c00ac7b00f102c2f2cddea9b6a95988df70d2b7353adc4dcaed8a00bcde141f7524cbc6

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante.rar

Filesize
1.8MB

MD5
6c6cc2767d7252935f8d3fc973800b61

SHA1
3c48fb5a9e128b246683d582d1bf7928dfad6896

SHA256
c3a41cd45b0ce852a5535b3ee7b0fb6336817fa76e951ce824bedc6ade546c55

SHA512
db0c0528bf75547537a4e6c5194bd1d694b94e1e20c0c25fa7fa247d6e89fc5ca3327ca289ce860e5835340d4771f859b30e9d375230b09c320db40e5284b494

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante.rar:Zone.Identifier

Filesize
228B

MD5
739129863a524923da250098b7a9398e

SHA1
e7c116f1f33798a60c783a4a5cabd4d60372131d

SHA256
f7cac3a997d56074edafb00d8656512dece95b1cdc78ed7ad197d444c49cd903

SHA512
9a54cfccc3d7a9318a13cd1b706299929d215dfc40ede034163dabf5e912f1c639b931efdb8d9cc951605cece9fb91b102d8132f3f9433b6583731f72ce83e25

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante\Common Files\Desktop\Actividad 24 DE MARZO.pdf

Filesize
638KB

MD5
8ce14f5d1b84e94a64752a9c60aac7b1

SHA1
93fb435cff90823dd45a63dec0f1d6cfd663e8ed

SHA256
31848edeba84c1c2df3cff48e1785d746326b6eeb4d297bf8b023729bfa25c50

SHA512
75f2ca2bf393dd9802f4f19b367c5343e61472d87af8c9ba18f27fb98c969e68f0cdc8e4af81ae0c8d7f6484ef1b0d22443c96083a68b806d6e51ec6be86a2f2

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante\Credentials\Chrome\Chrome Passwords.txt

Filesize
158B

MD5
167d80aaa9734459b5e8a9eb8a37dd40

SHA1
499676f5b54b20c12a7bd82a7cd4aa482ed7388e

SHA256
c8c3d895a258aa1cdb8e1f2301025680d6a4ee23efcf284e319300237d6a66f4

SHA512
b2dc091f9df337ba1de8a28d5b6de02e1e329de7cecff1657010e83733568db76a94a52d9289532c8e1a62ebd35a40e640585ac6320c631ab309ce0ffd519e9d

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante\Credentials\Edge\Edge History.txt

Filesize
5KB

MD5
21aa40d2c220c83666a39a408e9661c2

SHA1
657358002393b85e01fe5f32ddbdf8d9189e8c0b

SHA256
bcac9ab5ef4434f9cb2f69141b48225f43594d428e371acd1ab43bab051704ff

SHA512
a7ba76f0d41c59c150417f4d96b4dd6bbccbbb8e456bb50133966b78c63a848e5b4cf848f59e0992d726a0cefb85a2dad5be9b2c450708e8fc7d094f3a508f99

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante\Games\Roblox\Roblox Cookies.txt

Filesize
1KB

MD5
b2ef3836c4647c89cad6cf3f1c7636c9

SHA1
e512d2f7f75d68845bbead967fd03078ac9d0a9f

SHA256
86b82134f4bb01146dc52dad593c2136e0007e8b8c6a344b162b153c7925542f

SHA512
77867c4b4702ecc9a16fb1ef4f882928636e6007767a7fd74e58af2927f12faefc1c3fbd7f1fe923f8714aa8881d077b21a4876b96c54530b2b0b46ddd253f2f

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante\Messenger\Discord\Discord Tokens.txt

Filesize
1KB

MD5
f2e095afd59bd010631e89fc4268ba6c

SHA1
d457580b2d2a1bab8934c1ef8641ba277bece793

SHA256
c5c829648ebd934f6635bc1913007ce37064fa62c0f6401e8cf6e50e7137b766

SHA512
161c24b018eedeb7b5138dfef532adc6122a47dd3eeb9242de67bdae4c1b24fd0b8f2f26dc71654dc1f7f3eb1b9bc0ea5ec22f7294cd2e25e877c069ee7f08a0

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante\System\Antivirus.txt

Filesize
16B

MD5
01daefe4caf17be6854e1a9a0dece70c

SHA1
fee51c1ab6684f18e59f3ffa9c0296ed1e5dbd28

SHA256
2331be85a81c008dedbfef3bfb0d68ef76ac6bee37cf9e653591790a21dbbf32

SHA512
aa934777ecb3097cd820eded81c9c7baf68039a7e448cec067317565427212882301ba517adfb5f63a6677e7d80baf15837f05dc8c9a9d2bd80f3ca65234ed16

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante\System\MAC Addresses.txt

Filesize
278B

MD5
60d58d08382a3d849fa4f45540c98001

SHA1
42bfd2fc873a5a284ec89f17e7243d93b829b522

SHA256
075fa87d92b04c8441bc551dad57bfae2a5424d33e3b5d890190cf48430e24dd

SHA512
eca82bec0f10139641c61222ab450c7fd7c01d02807d74146e1c2454f0f9bceaacb236f95ca0dad4d3cb3cdcf23660f8814cb38521f4c00f2582fc022254b1b1

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante\System\System Info.txt

Filesize
4KB

MD5
cb13ec5ad0bd0f3a0b9af3de7316de1b

SHA1
a4fbbf976639699d68b4b3dcc9056ea2231ce987

SHA256
698a8d686b8a202cc6fa4d960e859da9f89a0d39e7e1e0b250ec1775b1e05ad2

SHA512
4f83580461315f427490444d4ebc9b934dc494afc3bb628dfe3409d7b42813e2dca3c040ea0620efde60a2fa47b167c204533fc96a54d263b01ed114e63eb7b5

Download Submit
C:\Users\Admin\Downloads\Blank-Estudiante\System\Task List.txt

Filesize
26KB

MD5
7d876e961630eeec7ccaaa6689e3c5a5

SHA1
576a209189a555fc4da1fe0d77a03de4dfa28e32

SHA256
38b9e08c44df72bebf56b1c34c11a899f8ae5f9f0894be1b2856753be7240d35

SHA512
06300622e09acbf7736a04d719d96282b524cd41586d686d3db0fa9a135279278bae279e14821d7a6e70d37734f3c060f9f3b61b4c2683164f10e73a4e027711

Download Submit