asyncrat | 6768f27cadd154e4f98704f815901825550609b11d2a3f871aa3db97d351dc52

Analysis

max time kernel
447s
max time network
449s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7-CITACION DEMANDA EN SU CONTRA -JUZGADO 03 LABORAL CIRCUITO ESPECIALIZADO EXTINXION-3.svg
Size

358KB
MD5

4e13471212cb4ed7b3800d329c3860bf
SHA1

5647ce87843802b740ed953c50d80453823dd8f8
SHA256

6768f27cadd154e4f98704f815901825550609b11d2a3f871aa3db97d351dc52
SHA512

6fca249d5601b08f778b42495e01396865d2cb736369a5eba80ee1662fa4e39519c17bf6bc2e9fb44c2034fc0af973336cbae67167bdfdfe9a2826e60f590928
SSDEEP

3072:RCkLBpCoMXyV1d/Cl+XlwdgrJGwS4BHKlge41unusvrvlvfvwvsvQv+xJWv46zwU:RfBpCoK21dE+XlpJGwSsKldhLsuCd

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

melo2024.kozow.com:8000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
AnsyFelix
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of SetThreadContext 6 IoCs

description	pid	Process	procid_target
PID 2192 set thread context of 4880	2192	01 NOTIFICACION DEMANDA..exe	132
PID 4880 set thread context of 3872	4880	cmd.exe	135
PID 3676 set thread context of 2276	3676	01 NOTIFICACION DEMANDA..exe	141
PID 2276 set thread context of 4972	2276	cmd.exe	143
PID 4976 set thread context of 2088	4976	01 NOTIFICACION DEMANDA..exe	145
PID 2088 set thread context of 3152	2088	cmd.exe	149

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	01 NOTIFICACION DEMANDA..exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	01 NOTIFICACION DEMANDA..exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	01 NOTIFICACION DEMANDA..exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 60 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\International	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\International\CNum_CpCache = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E746541B-49F6-11EF-A8A8-6E4A691D7979} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31120899"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50fde90404deda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\International	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000002000000030000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000debc2266799c244dbced532ae65bc0ec0000000002000000000010660000000100002000000034cd7b9386fc134f78ea59abbaddfaec3538a211f15c3d526c7330c8a28e8356000000000e80000000020000200000003e02080a9ac801d8ea5ae596635480e25719d5927f9a2296c4de2e12f7a16b38200000003f165e5b2bdbc0f4cb7e1e7e1bf3cc2c209e60e00f83653fabc6d71e3783710640000000c5c2977a8c258a5f72568cde02e59175e31d22f9646a3fd8f11dc9b09acd51932faec16ac09322f1ccd08f909d51def8fc7a152540583231c8f797c559d65819	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0292cbc03deda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31120899"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000debc2266799c244dbced532ae65bc0ec00000000020000000000106600000001000020000000648c1da433dc1bc62c4bd6d2deb4c3f978d652cb1e13cd874cfc2116e970374e000000000e800000000200002000000039c46100295d585212a59589b6539a0d8a5e876934883ab8e125f286a5c4c0672000000083ebd41f3343bcfaecb219ba277bd974a6588b2901cf5f8586d8c18bc8f2c9f140000000678acbe8285d87f668a3ad801ca49233ee101339cb55a4d40f7430447f943016065b0a9dbb6a6b2113f53df45a5a6eed7ac7ec28b32ede8d0edafc91ab7f4ed2	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000debc2266799c244dbced532ae65bc0ec00000000020000000000106600000001000020000000a2015d4c32050587f63791206d40e4d2ffc8fc2c662b94550ab7e15620a380fb000000000e800000000200002000000084f10838243691fd8aa7e15ababa6f80d2275d929d1c44b911d6737eb1e08c9b20000000e9c93ae835acf19dd43ce780332d09a1e666fae5a15e2e64e3afede15779856840000000435ba40a7e93ec55b339577ddccd82c382067887747c16dd4e21d05427749f5e8dff59b6b2c84ce7fdb833287559b4b9f44bd6962e264fa2226cc15613e85ce2	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428616001"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpCache = e9fd0000	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpCache = e9fd0000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\International\CNum_CpCache = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a1330004deda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3147798561"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0e430bc03deda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3147798561"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31120899"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000debc2266799c244dbced532ae65bc0ec00000000020000000000106600000001000020000000d20a0ac962f53072cae8a1c819a77263d207f47c755b7f547386dd8640fcd2a9000000000e80000000020000200000003908f00f84e1ad14d4ef9d235bb3445790f1ea2a2860f515de70edec0c574ba620000000098d31d48669bd33c186febea38139b97dc18348420b9ba3b4bc62629912be2d400000007aeb0c5bb6dcccfe980d1eecc3c41e521b1786d06dfcca83306f14c52f3a617b13f918691abdbce990001d79aec7dafadfe13a7d63786e93b682eebc0d742d67	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3153267039"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133663247899931998"	chrome.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

pid	Process
4696	iexplore.exe
4696	iexplore.exe
4924	chrome.exe
4924	chrome.exe
2192	01 NOTIFICACION DEMANDA..exe
2192	01 NOTIFICACION DEMANDA..exe
2192	01 NOTIFICACION DEMANDA..exe
4880	cmd.exe
4880	cmd.exe
4880	cmd.exe
4880	cmd.exe
4384	chrome.exe
4384	chrome.exe
4384	chrome.exe
4384	chrome.exe
3872	MSBuild.exe
3872	MSBuild.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
3676	01 NOTIFICACION DEMANDA..exe
3676	01 NOTIFICACION DEMANDA..exe
3676	01 NOTIFICACION DEMANDA..exe
2276	cmd.exe
2276	cmd.exe
2276	cmd.exe
2276	cmd.exe
4976	01 NOTIFICACION DEMANDA..exe
4976	01 NOTIFICACION DEMANDA..exe
4976	01 NOTIFICACION DEMANDA..exe
2088	cmd.exe
2088	cmd.exe

Suspicious behavior: MapViewOfSection 9 IoCs

pid	Process
2192	01 NOTIFICACION DEMANDA..exe
4880	cmd.exe
4880	cmd.exe
3676	01 NOTIFICACION DEMANDA..exe
2276	cmd.exe
2276	cmd.exe
4976	01 NOTIFICACION DEMANDA..exe
2088	cmd.exe
2088	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4696	iexplore.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe
1156	taskmgr.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4696	iexplore.exe
4696	iexplore.exe
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
3784	IEXPLORE.EXE
3784	IEXPLORE.EXE
3784	IEXPLORE.EXE
3784	IEXPLORE.EXE
3784	IEXPLORE.EXE
3784	IEXPLORE.EXE
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE
2652	winrar-x64-701es.exe
2652	winrar-x64-701es.exe
2652	winrar-x64-701es.exe
3872	MSBuild.exe
3524	IEXPLORE.EXE
3524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 3524	4696	iexplore.exe	84
PID 4696 wrote to memory of 3524	4696	iexplore.exe	84
PID 4696 wrote to memory of 3524	4696	iexplore.exe	84
PID 4696 wrote to memory of 3784	4696	iexplore.exe	111
PID 4696 wrote to memory of 3784	4696	iexplore.exe	111
PID 4696 wrote to memory of 3784	4696	iexplore.exe	111
PID 4924 wrote to memory of 1576	4924	chrome.exe	114
PID 4924 wrote to memory of 1576	4924	chrome.exe	114
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 4960	4924	chrome.exe	115
PID 4924 wrote to memory of 2124	4924	chrome.exe	116
PID 4924 wrote to memory of 2124	4924	chrome.exe	116
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117
PID 4924 wrote to memory of 3824	4924	chrome.exe	117

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\7-CITACION DEMANDA EN SU CONTRA -JUZGADO 03 LABORAL CIRCUITO ESPECIALIZADO EXTINXION-3.svg"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4696 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3524
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4696 CREDAT:17414 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe2271cc40,0x7ffe2271cc4c,0x7ffe2271cc58
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2208,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5068,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3712 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4700,i,566169617306953156,11974332477993724585,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4384

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3276

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3592

C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01 NOTIFICACION DEMANDA..exe
"C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01 NOTIFICACION DEMANDA..exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2192
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:4880
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3872

C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\winrar-x64-701es.exe
"C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\winrar-x64-701es.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1156

C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01 NOTIFICACION DEMANDA..exe
"C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01 NOTIFICACION DEMANDA..exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3676
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:2276
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4972

C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01 NOTIFICACION DEMANDA..exe
"C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01\01 NOTIFICACION DEMANDA..exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4976
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:2088
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3152

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\bc684f393ef148ea80b445ef7da9753e /t 1520 /p 2652
1⤵
PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bb581a5b925937d564d129d8f45c6983

SHA1
aeb5132263a02e62b72eff74587169a409cba42d

SHA256
882af9b74e7e2a20520b72fb024c6406aa92b764daaafd82b6a0db29fe764278

SHA512
cafc103c37e93bdc4181dd75de57c8ab77d5599158ad2448ec701391ebccbf2fd38e348e2800fb19229941475c4a46dfe0d5abacea9576a9417819f805f9b5d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d870e7556b75d1c259af97c3283e3b45

SHA1
993af4ba27024ca9c035364b673520907402997c

SHA256
9244a0960267cf26e26b6b8111d39bbde1d59b9c871444b8a3f2c3e6e2db2e0b

SHA512
e52a826b7f15d597d95cd88cf72b158c7da4d4c3d45478c3677734ae8024945e9f9d1f896bab195d40edf42326f47bd4de3ec8a7215fdc863bbcbbf38f3eb138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
d2a8bce4b4049366810221c323c6a2a7

SHA1
913310e88c9417ab54635ff3c74eb232d92068a0

SHA256
3b48d172520e3f0ea6cc7e8e8335f9d570b507afeaa953beb526eba2fc6cec57

SHA512
b31cced6c65a4f9cee8d90524aaf8f458b4f0ae1c7528faec90429ef47d4125b4b94dde8eb26daf26c0487ea2b6c73d2bd104b13f0fb3fa513861e6b2f88f6b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
a8b5b68c82086e4a046f30406b7c0d5a

SHA1
1372f13e23ebb9f584dceb1e851d4b55fa9ea5c5

SHA256
899fd406b5ca33837f5c3119f4d68f9e239334c05a6a1ce82e35197cee52ff49

SHA512
7d5b9f9603bdc1e7b0e160d0bdaad62e62b73a0b9cfba3feaf14f95c6aabb51c4ec02e1b93ee41d7a3d5d1d6d8fd529c2891dc9961841be5490bc3eea439447d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3699477af2a0f2cecf46a3b43785ba67

SHA1
9d42cd7ee75e7fcb62fc3582d836bff7a79c0b55

SHA256
9e5e61adf2e1ccb6750da64bba454f4aaf4007fe315a2d0bdd9c2f537c8e52ce

SHA512
bfb0e5af7bad2659aa41745102c972cf58faca1eac195f2c55858fa1c133f9e33498474dbb48d723faa1439d4da735d1274c966e6b94b2023f62179c78331247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b70506814b2fd689d50664c905492cb9

SHA1
de66efb190a96d72bbf801b6d0408678fbf6fb75

SHA256
d543f854dbd2976963154a704ef471c5c4560216665dc6a644a7affcb72b7ebb

SHA512
616625c05bc487fecf05e80b68f54210398736cf9791f346f5d05e984c2a9bcf804a2d7f2016f8f19a01e039cfddf38d48e03b379adeca6dbd616c4215d043b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17e4a2e9323d0ccb8f8e01fd82ea27c4

SHA1
a9e9dafac7b3354e56d45ea92c547233ea751415

SHA256
e82d337a01f46dd93ca6ae54c61f8678589e25bdbbfd92f7027800414258f7d8

SHA512
136efc997d4d02eb1ccdf3d30c461a41292d2c5d1dbabc27c2213b3bedb824b10c20b75ba5c52453473b9cdad72a3e2f1d223d9221728983862d700f252f4afc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2504db9759f377578420d5d3b56e9c8

SHA1
b94f3e09c3ad91cd4577889236035357594b9175

SHA256
3794dfc3888e5ea5d986b0832d56b147c07ebd23395dfe915dc488241c232986

SHA512
c354f3b508b21d0293f2c34ce8f5c7c93e256de72162d11c90054007f7edfc06dd0d6587c1ee90c6a08877d7efed278dc505bdc7940fbeb8e429c46e2f7277c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbb941b7e83b226e186d7fd5b42d0e52

SHA1
a11071f5ebce341f89490c88169ee804ef565bf6

SHA256
c20ccb0b26ffda4f761e54e39ff303de5e75750e0c02f7612cf16e1eb25a28cf

SHA512
316383263543ac9e80ea9f4051fd31ead2dd858dbaa78e1cba6952708a16147eb7e0dd48af879c9f38c71894270187dc2c4a485908903ceef535db9318eadb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d2cf6cd75f66c60bbed3a98f9a35478

SHA1
22a40a768ee20db7480d699bc888b812f3b37089

SHA256
d23b35b978e6cf85926fc37f2d265bbe007cd66b7fab57b4ee0e6fb63415e855

SHA512
061ee42c358cf9425e1780e2c534e227b39ad55df96c8a69714ad07195044b9de1e986330b9933efa3420c467f742c653bbd1f3d65aca82a592a43cc2bc00dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0fa7cb0c3555c6379fc65e6a96cfcf3

SHA1
eeb38db045a0e00907c4f2b7bdcbdf4493464479

SHA256
a76587c570e930259dee02aba05159b1cfb0f12b5d142b0851f716858c086eee

SHA512
f9b83e15f9e8ca6599555bffee2a3afdf66efbfa4c32afe648e7560683699c97fbf78b9345be9a6d2883c5377828a331b9667d5590f9b4e213b985ceb5775009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5eb35d772068f76b43d9689004f4bfa

SHA1
3f63055a2b39dc32f39deb84018a9b270f74a51f

SHA256
c7484d72b18e33d9fea02d7b9c6f9bcee71c1613ea9b8073e4d1d14185aa161b

SHA512
4a027234b514459f7d2b8ef156f2137aaf1826126f2af1484e291bc64867d066fa8031df25f8b548f2f078f3adebec568668fbb3b2935401db80fd3fec0c2613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d88c8fe2f2ea2a2228ad5fe8f6b4ae7c

SHA1
b453dfbcfb671d3d3982d703c15ba23e1093883f

SHA256
99983b46df140b3869de8a68820acde62916423ada65cb4533a6aed51850a183

SHA512
4c92103d5ae589bdf1cc95cadc94105f87e07204f4c2fa74d8bd60f43b5f0a985d55fb6b280a12a6bf503ade6ee4f4a55f4cc2c23c7fc864507034d3fe41272a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e533e8e7ca0ea095ff2172038a0e3df0

SHA1
23c2d803a1afc6a7a9bd60da66b51e724f6f434d

SHA256
88379607506c186fe4c132f6aa036d9f7317e435414603680fd20c0f46dbcd58

SHA512
c8a7693d1a88b486c56be20e15b8643903f0ffcda3e32721450616ebfae67429778967ec9b0cd7ed996afc8d2f30398e84c9382b57b00af8aefeb63ad95d72fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a8b2961571e6925854ddb347413c962

SHA1
3df2b56e253b62963046a10c09b6c3e296f28dd6

SHA256
3477d520a9bb25e16b94fb671c50e5da8d63a0420b60b267c4b2acdae20f7300

SHA512
360b7a47dde375f7b7bebd5e256a4d6afec233928e2597534c9bf8b9a826d208d7a5f4d481a23d2094f5e9ca0df3ac4d1cba9e926414e659df86969c74a6f7f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
613eb89371857756fed9ab238d94a3f5

SHA1
7c8be3345cb1a91e86c44dc109f9550d996d957f

SHA256
281140d40e19cc62219208ab995989f73187215fecd74c2a0765b46c9824b79b

SHA512
51d6499edca1535adb6b3993ef4d67a1b15a17e470f4356095ee3eb7f65a66d4c9f825683eeee8839a490284c04b489839d046ef47ba07893a21b3c8c6b2d167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e1d2e06612ce9e2e202240bd7246caa

SHA1
27ff89b804790be6b4b2ee8329b4d31dbb215c78

SHA256
6aa9b733003870a70762fb8192b0263061edffb122960e4705ab7e508a58d0f0

SHA512
9c5ead0e5997dea747af08df98e4b7da824c7b4b07ba58e4db5a341e223a71cc0d2746a99650298c5402e3684e2979af82f11baf4059e0d40b33558f6f3879f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
219b11dab599e119ccd840c8476dcb7e

SHA1
e6f34d28bce6e52811ea35d73bb1f52e4d89bc1a

SHA256
52c8fd668faf50f4d9522ad081bf00c365e0ad255344a934b7c92dae159cf6d7

SHA512
0055e43f63e0e94a077fe25d077c884d154bb765d02840b3542117b64a82552d758cee425dbed603dee5a340f88ce285214b25b7a8794cb458390a315b044e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2dad6d5e824ca95cd07641383a5e0d8

SHA1
e9f639d9d1b2b01daf9155cdf9416703c262b553

SHA256
a5680c4bb18d900c083ea6216aa3b4799bb17ba257696de116ca47ee41655e26

SHA512
8d5e65cbd93aef9b4d91f09a09d632fe565c202ff4ec76ff77b1e250b34ee7cf1389e425e783c3aa4fb0dca9c107436533eed4d4f35a34c0df7b59fa38cc89b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45b3924c567dad5382810e8f1c7b3037

SHA1
3a3ee1d9437daa034c9c22b04f50c3d1db2538e4

SHA256
33ac8679becd99b4b965c4a4b6fc9205b677684eacf3f80800c15f57e99c61f6

SHA512
afa7d13376b30481c2e16e90fd168f1fc38e597d65f04a1578870e7dc433b0188d87aa18c43c1536c662c1e46dfbbe85a812bc797a8a3b058f7bc8c35ff64e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c9b436991a71e97e15bf1b8c9cbbfc3

SHA1
4ea3df13db51610bcf13040eea0a2d4620dc2ce9

SHA256
4c3b5acc84ae60af04a2f25177078e5909e30edfe4b7447ec51c6861d5527db9

SHA512
4f70dc39c2ca1f1970c17dec587ba41abc5d5bd0409ca6311254a569f85315eb6b6f2c5c75ba7480a41606b1acab606fd5760b096c74902021d46a5cfe216222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6da5a366cbcc232e3793f43fbbd36e00

SHA1
96e7d4fb08972cebc3615ff2c8b5789d6e9396ac

SHA256
817ca91617b1ef2330f6967dc1389714ea5b1557ffc1581ec82a0687a85fc3d5

SHA512
53f09006c0919c437bba3c70f80a63a9b8f627ccd7eaa892ce79c591749d6d50c1fe0fe96dc863fa880e4527e16b2f26456492222bd33f622be4785fd1770e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32df4c0ee1773600c79644f94e6ae316

SHA1
65d20f1dea7ce8daffd1e1e8af63d231f30d82e5

SHA256
6e3bc49d49ecdf8c599406b3495227e9eb5622d3dd39013dd3f11790a21c3619

SHA512
4e9b79a9928e8485cb22fc0d803f21aad7afb6bc5bec28d0630a4975af7c0555569c5fe51024ac8750289f6ec8e82d132105e8aa50e1fff3a820e2dff261ac76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1730c9b2de6012b0393e3d26f96cfda1

SHA1
ee1be6e11a3051ca83c8ff67f40b5aac5a918cfd

SHA256
0766e844ac953b6c0bb15f6b0d36494d65d32731728607c4290bdfbeaa3f421b

SHA512
378b12a7c115cb6280e79697d0f2a18848168673a640b646109d4f6961c92b7fa12d46e6bc76e0bef841b893b62087ab79ca9b48de22d7042d14f3ed454cfb7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
187KB

MD5
7531eb326d42c7348cd918ec69d9c246

SHA1
7f00b5834e6ae05ec3160711eda96eacb98e9463

SHA256
09ad08106c55fdd2ddb893e9d1044d64deb4f4dd34284f248f7297b6fdeb22eb

SHA512
dd13f0916a8f2e675c18aa9b1762bf6645e2165ac5377b52475f87c5042c65bf3b3935bdd3b573efc9f2533d6819199f3609f66fb70d63dc3ba5bdfeb21858e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
187KB

MD5
71ba629889c021c33c296dd6ddc29ac5

SHA1
ea3cc3d416d8fdefdcff2f4faede7459b1de23f7

SHA256
7736f7628dffb1e99b758bc6b814378f346ce35a27f6f83b94e7f00ea1c76a91

SHA512
4d8426965f5827022a90244c6d4dfbdb97da6581217c9d3c7ba70533f819e9e6bd5c982cdd126c7afe4965e6baffd4167350634529b9df0de93275ccfaf87f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c2a9ef60a374c084fd35358a291040b9

SHA1
725ca54021b14b8525ec8559e8edf4b3908fd389

SHA256
490952e37879e1b2864d9239446a1db25a8fb2838d52e6ee3f3cfdeae44bcddb

SHA512
6ef98fa6993b1dac8d1bc1d92a2978430789c0a87b856fb0fc9acea1fd5191121b1dc13a1dca06cdb1d24459d344e4836d039a604e7bde522b65c85e1d8157ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bc1c09ae-e016-4ab1-90c9-454ae5255f84.tmp

Filesize
187KB

MD5
f02b37c37bf8c1986a65f5b4d045366e

SHA1
cb17d3711e4d855dc1ffaa675f08ebd3421a4cb5

SHA256
cf2fe426e1be15d47ff1613a0ac1fe26dd01be16ffb68d9f245e8ab66a906db6

SHA512
2c94c485e5579984454f63fdaf88b64a2197d00b5ecf58abdba9264d44fd07dc57658c6e6680c0e24a1c6e63d39446b3ed05e82dda37280d3177e4551b8cfc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

Filesize
425B

MD5
4eaca4566b22b01cd3bc115b9b0b2196

SHA1
e743e0792c19f71740416e7b3c061d9f1336bf94

SHA256
34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

SHA512
bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\4btwkvu\imagestore.dat

Filesize
5KB

MD5
aaed8f41df1f5f914e61de90c8915eb2

SHA1
1555a8cb24042c8025c4cbc4ade75f9b593e6b35

SHA256
f8004bc614c1210640eed92177ff4cf95887191b962a5bb6e2e8b231bac71788

SHA512
776c9b35e52231c122b3ee35ea2cb86957a07e4c596c52b02150882a3623e0758f0fa02717ac08462bc2eea29676f47bc6bc3ae489f5876f89a8b1696d53973c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9BZ4M0X6\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WZ04RUV6\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\addac628

Filesize
774KB

MD5
b451918e43721d6b4693e45ac90163f8

SHA1
7b0ac03553b262e957574a7b524940c88e41706e

SHA256
019aa860fd81dab7437ef0efe3ffb03c82f38797973da15e5260fda56e72fd3d

SHA512
39a9bf9fbe7a411d8cd0b32bc1ffc835890327fba27d4702fe37b0cadd98fa9d93a326562cd8e817e174c91fd5bb4a39c7db76926928829ea15974e0ff0256fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\dc45b959

Filesize
774KB

MD5
2cb8cbf7d0dbcd0ad514f6154c8d64ed

SHA1
0934d6a7dcc44d7ec4ac849382d6aff0ce1e5c89

SHA256
879deb5336ae40f1ea342d284f02fea96cf3d0fdbf928ecc6472d2ee89fbc0b8

SHA512
1ad9f6de738278adc54e5db380043c9121548f89bb5af9e69fd920afa7e2a9441d692655fe33dbf8d3d2676c8227370d88bc197900de3f4e31e9a9eee23cce0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ea79ccf

Filesize
774KB

MD5
8b1a3e959db2beb9062d1b5f651c72a4

SHA1
0e14e3960ef7e5502a89a5574ca0ab42ddd102a9

SHA256
d9eec6e1f7f2b107a73a2bcf20687fabc9047e005e3ffc8fa80d391941961c98

SHA512
5a1cfb945fe6e18e23e328e17e51c6fe29a498c367dbfa648c260728b307e6cd46509db7378337d411f6fc43e3cae69ea2862d71fa7082e673a7da723bd89059

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF02ADFB0C7E7C46AB.TMP

Filesize
20KB

MD5
65e57f8055fc1d785e6484c6f5d1b400

SHA1
a75dfd02aefb695164b3e5717659d86559d55cd9

SHA256
304800074b62679fb6f76f49e7088ad0f19650e71d2a3070c00b0795c7ef2941

SHA512
1e96278196c371da775137448c7e878e34aea7244fe1523e4b7d88198ebb070019919196656cd68914b76c13cf1e0143e8dda8483a78e09c8628c333f7c0d1c8

Download Submit
C:\Users\Admin\AppData\Roaming\apppower\aigret.eps

Filesize
650KB

MD5
b16a26aee27cdc91b7f545e03877f9c0

SHA1
7eb68256ac0a97e4ee0ddc1db648968987406910

SHA256
b3abdc2b792cb4b0160bdcc291dcb13b31078d852bd20ae01ae0908a0b46b72f

SHA512
25b8a3155c9b30df90b64690b8f4d16b1de1dd321efe05f9c8e5e939e0884acd2e4cf07797dc7f1a87600793246640ef6e5ff3b2a82229406cce674fef15b446

Download Submit
C:\Users\Admin\AppData\Roaming\apppower\madbasic_.bpl

Filesize
210KB

MD5
e03a0056e75d3a5707ba199bc2ea701f

SHA1
bf40ab316e65eb17a58e70a3f0ca8426f44f5bef

SHA256
7826395127e791a883359ea81308174700da0af8052cc9853b19fd29c2e4badb

SHA512
b0a3cfb6b34832f048fe0fc70c6fa76ae16a2cacda930f6529a83a967d6e8de1c69b93e0de3dc2126c5385d85e814687e695a0a4131399a69633141cad98da2a

Download Submit
C:\Users\Admin\AppData\Roaming\apppower\maddisAsm_.bpl

Filesize
63KB

MD5
ef3b47b2ea3884914c13c778ff29eb5b

SHA1
dc2b1fa7c7547d8f1ad3f20f9060f7bc686118e0

SHA256
475f7cdffd8ed4d6f52bd98ae2bb684f1c923a1be2a692757a9af788a39b1d87

SHA512
9648d951d8d3640436c8029fd0f06786f7ff8f52191cd6959569c87868bb6c40ac8c7e495c09377a8a5c85e8d3942551c37eb84e916b5c16327d8d43a167820e

Download Submit
C:\Users\Admin\AppData\Roaming\apppower\madexcept_.bpl

Filesize
436KB

MD5
98e59596edd9b888d906c5409e515803

SHA1
b79d73967a2df21d00740bc77ccebda061b44ab6

SHA256
a6ca13af74a64e4ab5ebb2d12b757cecf1a683cb9cd0ae7906db1b4b2c8a90c0

SHA512
ba617227849d2eb3285395e2d1babfe01902be143144be895011f0389f1860d0d7f08c6bbc4d461384eba270f866cce3351f52af1dc9ef9719c677619de79e42

Download Submit
C:\Users\Admin\AppData\Roaming\apppower\rtl120.bpl

Filesize
1.1MB

MD5
1681f93e11a7ed23612a55bcef7f1023

SHA1
9b378bbdb287ebd7596944bce36b6156caa9ff7d

SHA256
7ed5369fcf0283ea18974c43dbff80e6006b155b76da7c72fa9619eb03f54cef

SHA512
726e8f58648a6abaf1f2d5bebcf28c1d8320551a3b6e7eef0cf8d99f9ef941e30e7004c24c98e9b5e931a86128d26de7decba202390665a005e972dcbe87ab93

Download Submit
C:\Users\Admin\AppData\Roaming\apppower\vcl120.bpl

Filesize
1.9MB

MD5
1384dcc24a52cf63786848c0ed4a4d1b

SHA1
ea63180c94ea2d0417ad1860128980dd18c922ef

SHA256
d19f51871484cc4a737196bdb048193ad73f7f6bd061ec813766516eba26e406

SHA512
d405911672e3ea7abcbc898d7b807b9bc1dcbf4f83663d70bd8adab075960cf3d904b2710adbdafbcbb99ba4a41b9a40c64b7171e845255a91a042871b1ce8a3

Download Submit
C:\Users\Admin\AppData\Roaming\apppower\vclx120.bpl

Filesize
222KB

MD5
3cb8f7606940c9b51c45ebaeb84af728

SHA1
7f33a8b5f8f7210bd93b330c5e27a1e70b22f57b

SHA256
2feec33d1e3f3d69c717f4528b8f7f5c030caae6fb37c2100cb0b5341367d053

SHA512
7559cdf6c8dbea052242f3b8129979f7d2d283f84040f1d68ae10438548072715a56a5af88b8562aeea7143194e7c5bddac3fdb01ded411a0b1cac9f0c6eef3f

Download Submit
C:\Users\Admin\Downloads\01-CITACION DEMANDA EN SU CONTRA -JUZGADO PENAL 01 CIRCUITO ESPECIALIZADO EXTINXION-01.zip.crdownload

Filesize
6.7MB

MD5
da0f823b67bc093b75d381f2a105ecb6

SHA1
11e82222f4070fbadc8c4c2f194ba65d9fa60ac5

SHA256
ed88b5c4a8be75f5da0400817a9514bdcb38e602aa3fe463d39cec523dcd3268

SHA512
3d2986bf2b9d6fc9c7251934f68eab8995dc33b1cf3886c2360afebdc2f9f35a088a2e0d92002a3c225a07095a5213677df78a4bf95ed77842d98a998b1e1016

Download Submit
memory/1156-327-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/1156-323-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/1156-322-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/1156-321-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/1156-333-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/1156-332-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/1156-331-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/1156-330-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/1156-329-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/1156-328-0x000002B7A3FE0000-0x000002B7A3FE1000-memory.dmp

Filesize
4KB

Download
memory/2088-433-0x00007FFE31590000-0x00007FFE31785000-memory.dmp

Filesize
2.0MB

Download
memory/2192-226-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/2192-220-0x000000006FFC2000-0x000000006FFC4000-memory.dmp

Filesize
8KB

Download
memory/2192-229-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/2192-230-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/2192-222-0x000000006FFB0000-0x000000007012B000-memory.dmp

Filesize
1.5MB

Download
memory/2192-224-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/2192-221-0x000000006FFB0000-0x000000007012B000-memory.dmp

Filesize
1.5MB

Download
memory/2192-228-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/2192-227-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/2192-211-0x00007FFE31590000-0x00007FFE31785000-memory.dmp

Filesize
2.0MB

Download
memory/2192-225-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2192-210-0x000000006FFB0000-0x000000007012B000-memory.dmp

Filesize
1.5MB

Download
memory/2276-389-0x00007FFE31590000-0x00007FFE31785000-memory.dmp

Filesize
2.0MB

Download
memory/2276-390-0x000000006C470000-0x000000006C5EB000-memory.dmp

Filesize
1.5MB

Download
memory/3152-457-0x0000000073930000-0x0000000074B84000-memory.dmp

Filesize
18.3MB

Download
memory/3676-377-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/3676-353-0x00007FFE31590000-0x00007FFE31785000-memory.dmp

Filesize
2.0MB

Download
memory/3676-374-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/3676-373-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/3676-378-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/3676-372-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/3676-370-0x000000006C470000-0x000000006C5EB000-memory.dmp

Filesize
1.5MB

Download
memory/3676-376-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/3676-352-0x000000006C470000-0x000000006C5EB000-memory.dmp

Filesize
1.5MB

Download
memory/3872-275-0x0000000005F00000-0x0000000005F66000-memory.dmp

Filesize
408KB

Download
memory/3872-271-0x0000000005670000-0x0000000005C14000-memory.dmp

Filesize
5.6MB

Download
memory/3872-272-0x00000000052A0000-0x0000000005332000-memory.dmp

Filesize
584KB

Download
memory/3872-273-0x0000000005280000-0x000000000528A000-memory.dmp

Filesize
40KB

Download
memory/3872-269-0x0000000000580000-0x0000000000596000-memory.dmp

Filesize
88KB

Download
memory/3872-256-0x0000000073930000-0x0000000074B84000-memory.dmp

Filesize
18.3MB

Download
memory/3872-274-0x0000000005E60000-0x0000000005EFC000-memory.dmp

Filesize
624KB

Download
memory/4880-243-0x000000006FFB0000-0x000000007012B000-memory.dmp

Filesize
1.5MB

Download
memory/4880-232-0x00007FFE31590000-0x00007FFE31785000-memory.dmp

Filesize
2.0MB

Download
memory/4972-392-0x0000000073930000-0x0000000074B84000-memory.dmp

Filesize
18.3MB

Download
memory/4976-425-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/4976-429-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/4976-430-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/4976-422-0x000000006C470000-0x000000006C5EB000-memory.dmp

Filesize
1.5MB

Download
memory/4976-405-0x00007FFE31590000-0x00007FFE31785000-memory.dmp

Filesize
2.0MB

Download
memory/4976-404-0x000000006C470000-0x000000006C5EB000-memory.dmp

Filesize
1.5MB

Download