c188e44d9df36bd2ec75049d9158b7a6182c0a0e439ea0633001fbcde870baac

Analysis

max time kernel
138s
max time network
119s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RV_ DOCUMENTOS PARA EL REGIMEN ESPECIAL ZESE DE INDUSTRIAS PRISM.eml
Size

17.4MB
MD5

63bd8dd9d6a0781534cdd57382e55a50
SHA1

8b7127c4097d84fd9ee767b1fdf9e705c2806cea
SHA256

c188e44d9df36bd2ec75049d9158b7a6182c0a0e439ea0633001fbcde870baac
SHA512

bd0f074c42521e210ea2870fca6bfec73d6993a9e49438d0f28ca49cf50c359b4a9a118c539db114804d8a660ac925ffa6a444f718084642b8a7559761b3be84
SSDEEP

49152:tZ4h4qjPtBAfnBhakY5kYmem8KsRhXKJNVtCizzd7stp2FZMFaaPey4b5rNOg5ui:Z

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE
File opened for modification	C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\PDFFile_8.ico	OUTLOOK.EXE
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	OUTLOOK.EXE

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OUTLOOK.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672F4-0000-0000-C000-000000000046}\TypeLib\Version = "9.4"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630ED-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063039-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006303B-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630DF-0000-0000-C000-000000000046}\TypeLib\Version = "9.4"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063034-0000-0000-C000-000000000046}\ = "_MailItem"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006305C-0000-0000-C000-000000000046}\ = "_UserDefinedProperty"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063033-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063020-0000-0000-C000-000000000046}\TypeLib\Version = "9.4"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672F5-0000-0000-C000-000000000046}	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063089-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006300B-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006307B-0000-0000-C000-000000000046}	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006309D-0000-0000-C000-000000000046}\TypeLib	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630F3-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063046-0000-0000-C000-000000000046}\ = "FormDescription"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630CB-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063044-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006300D-0000-0000-C000-000000000046}\ = "ResultsEvents"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630FE-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063038-0000-0000-C000-000000000046}\TypeLib	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063037-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672DD-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063001-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006302D-0000-0000-C000-000000000046}\ = "_PropertyAccessor"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063003-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630DA-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630C9-0000-0000-C000-000000000046}\TypeLib	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630A5-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063081-0000-0000-C000-000000000046}\TypeLib\Version = "9.4"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672DA-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630DC-0000-0000-C000-000000000046}	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063083-0000-0000-C000-000000000046}\TypeLib\Version = "9.4"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006304D-0000-0000-C000-000000000046}	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630E6-0000-0000-C000-000000000046}\ = "_NavigationPane"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630CB-0000-0000-C000-000000000046}\TypeLib	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063105-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063105-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006304F-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00067367-0000-0000-C000-000000000046}	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006307F-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006303F-0000-0000-C000-000000000046}\TypeLib	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063001-0000-0000-C000-000000000046}\TypeLib\Version = "9.4"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006303C-0000-0000-C000-000000000046}	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006302D-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630A8-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006302B-0000-0000-C000-000000000046}\TypeLib	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630EB-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672DE-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672DE-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000672F0-0000-0000-C000-000000000046}	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063042-0000-0000-C000-000000000046}\TypeLib	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630DF-0000-0000-C000-000000000046}\ = "_SenderInAddressListRuleCondition"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630D2-0000-0000-C000-000000000046}	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063083-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063105-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00063103-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000630F8-0000-0000-C000-000000000046}\ProxyStubClsid32	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0006302F-0000-0000-C000-000000000046}\TypeLib\ = "{00062FFF-0000-0000-C000-000000000046}"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00067368-0000-0000-C000-000000000046}\ = "OlkTimeZoneControlEvents"	OUTLOOK.EXE

NTFS ADS 64 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\agosto 2022.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla diciembre - enero 2024 (2).pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\abril 2020.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\febrero 2020.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\octubre 2020.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\febrero 2021.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla abril - mayo 2023.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla octubre - noviembre 2023.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla mayo - junio 2024.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\EXTRAJUICIO Y CERTIFICACION ZESE 2024 INDUSTRIAS PRISMA LTDA..pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\certificado de camara de comercio industrias prisma ltda.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\septiembre 2021.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\diciembre 2022.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\febrero 2022.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\mayo 2020.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\julio 2022.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla agosto - septiembre 2023.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla diciembre 22 - enero 2023.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla enero - febrero 2024.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\octubre 2021.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla diciembre 23 - enero 2024.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla septiembre - octubre 2023.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla octubre - noviembre 2024.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla noviembre - diciembre 2024.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla junio - julio 2024.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\noviembre 2022.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla abril - mayo 2024.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\abril 2020.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\junio 2021.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\abril 2022.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\abril 2022.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\agosto 2020.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\enero 2021.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\noviembre 2021.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla enero - febrero 2023.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla octubre - noviembre 2023.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\mayo 2020.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\mayo 2021.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\septiembre 2021.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla febrero - marzo 2023.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla mayo - junio 2023.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla diciembre - enero 2024.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla enero - febrero 2024.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\EXTRAJUICIO Y CERTIFICACION ZESE 2024 INDUSTRIAS PRISMA LTDA .pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla diciembre - enero 2024.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla septiembre - octubre 2024.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla enero - febrero 2023.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla noviembre - diciembre 2023.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\enero 2020.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\diciembre 2021.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\noviembre 2021.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\julio 2022.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\marzo 2022.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla agosto - septiembre 2024.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\julio 2020.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\enero 2022.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\febrero 2022.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla junio - julio 2024.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\planilla agosto - septiembre 2024.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\planilla marzo - abril 2023.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\certificado de camara de comercio industrias prisma ltda.pdf:Zone.Identifier	OUTLOOK.EXE
File created	C:\Users\Admin\Downloads\New folder\marzo 2020.pdf\:Zone.Identifier:$DATA	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\octubre 2020.pdf:Zone.Identifier	OUTLOOK.EXE
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\julio 2021.pdf:Zone.Identifier	OUTLOOK.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2640	OUTLOOK.EXE

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2640	OUTLOOK.EXE
1540	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2640	OUTLOOK.EXE

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
2640	OUTLOOK.EXE
1540	AcroRd32.exe
1540	AcroRd32.exe
1540	AcroRd32.exe
1540	AcroRd32.exe
1540	AcroRd32.exe
1540	AcroRd32.exe
1540	AcroRd32.exe
1540	AcroRd32.exe
1540	AcroRd32.exe
1540	AcroRd32.exe

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\RV_ DOCUMENTOS PARA EL REGIMEN ESPECIAL ZESE DE INDUSTRIAS PRISM.eml"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1792

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\New folder\abril 2020.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\New folder\abril 2022.pdf"
1⤵
- System Location Discovery: System Language Discovery
PID:1616

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\New folder\EXTRAJUICIO Y CERTIFICACION ZESE 2024 INDUSTRIAS PRISMA LTDA..pdf"
1⤵
- System Location Discovery: System Language Discovery
PID:1572

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\New folder\febrero 2021.pdf"
1⤵
- System Location Discovery: System Language Discovery
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
240KB

MD5
934398e46b3c7a2cf44a5b6aeed841ea

SHA1
cc76510be31c228fbfaf13d2d005e6dc55f9c40d

SHA256
a35d80845f91978548fe6905a65e153b3d8a112de03ec7c23af82751d87a6ac6

SHA512
6091f35cd6d2f82b1cf655e296f3630cc9bb4d3758555390e4806251d44d27fe7d51b34b38785c4c2313c52ada1bad571ef36852ecdd20abe926bda11684283a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

Filesize
1KB

MD5
48dd6cae43ce26b992c35799fcd76898

SHA1
8e600544df0250da7d634599ce6ee50da11c0355

SHA256
7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

SHA512
c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\TBVBPT61\agosto 2020.pdf:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
2b87635bc6a15f76abbc889768cb5028

SHA1
1e8abf4bcf27e943282dd2b52158aa0a8b97c781

SHA256
bd57c1f571dc78a9a6e621beb74f0ec6c461d0e996dc412db731bfcf2c3b7211

SHA512
7ab092777aec416ba9fa63f94a4ac17461d751045bd17aa766f972c338419ab5884ed39c3aef79cd352008165b20540bc928957b861257964649a86cd90bf0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\New folder\EXTRAJUICIO Y CERTIFICACION ZESE 2024 INDUSTRIAS PRISMA LTDA..pdf

Filesize
674KB

MD5
fa1ebcaa60c4fee364b34dbc6916de66

SHA1
4408ced8f907948fdadfa28dc5ed9d85fcdfb207

SHA256
5c1d11abcf0d69a14934951e5807fb9de00aa77df1fb41113740eb63614e1a1e

SHA512
ab85268a0d6fd08709f144f8b129bfe843b10e4d0d439b1624434b9c87bc0b2fef809b601fb887ea58ab4273bc241a48d8b839ac424015f6c03c08995c6ba761

Download Submit
C:\Users\Admin\Downloads\New folder\abril 2020.pdf

Filesize
223KB

MD5
68d4c97576703fab98b7aac9b3fdd898

SHA1
3f0306529d50da72fd9792c9e8f8a23d655885fe

SHA256
d98fad63cc08c63740ba9d673577ffaa1edf4344cb4ab0bd12ee7f542ec7b62a

SHA512
638d2dadaf9c3db47777633379c3126775f6f0e9bf5523d840a414a4d7126d0be386dd0e7e6fc9831bde2517247f105decd5179d6a9e11ef65de20241475890d

Download Submit
C:\Users\Admin\Downloads\New folder\abril 2021.pdf

Filesize
231KB

MD5
deb933d5f6d152b307d547dc714a190d

SHA1
9f663a44c3f5a507c144fe1677da492deeaba508

SHA256
d97897bd43b98aac68f967219ac8341459b1e0d6ed9872a4bdcf629df65c6fd9

SHA512
14c48a2df2528963b6a90b57acaed2916371100d25387b16b29ca3af45f3a0555ee37585645b7309f77f14af6137127d041cb90cd8328325bd2f066b01a498eb

Download Submit
C:\Users\Admin\Downloads\New folder\abril 2022.pdf

Filesize
263KB

MD5
2f4c07e698d043a07363ec85f38acdbf

SHA1
a07660da7f5761050096c8c7b087f66535034251

SHA256
5c39f1c3700a3f7e7be316e0eb8c3f6b9da4a5efd8b9f3704586adb0b49fc917

SHA512
806f0910b56d60ea1a6ae0a40200b6fec2b6d7c4ba91a32ea77d3a40c6154e3b770d16c2d09141a090551354c792a584b372cdb8c2c8c62f676c483c66eb64f0

Download Submit
C:\Users\Admin\Downloads\New folder\agosto 2020.pdf

Filesize
224KB

MD5
d43b8d3c9c62ff9b365bbd35b0bdfbe8

SHA1
05b6738256a1b0feba49f896b837a0bea5de5d79

SHA256
e35e9a316ba518a514820344aad2a9c97d5f9badd8fb4d7326dfb9c66dd5d0fa

SHA512
128c3aaea614c2e6e973d23169bc665982e78359c780baee050dd0774c05e6e74e9e8fb2c1a0d30434cea951c825dfc01c017965fcea051dd97f1ce7f852dca7

Download Submit
C:\Users\Admin\Downloads\New folder\agosto 2021.pdf

Filesize
215KB

MD5
6e85ac1c5ad415f1a6b04d42519c92aa

SHA1
016fc82339274d61b13619821f3547c4ed827f44

SHA256
eea62fecf1ae0e101b86d3da6371bc3284db69143cf9e663f320268cbbff89c4

SHA512
1497f57c05d0e3bab4f73bd2dbf24bc49d85e3c42e85a9aef55d0a16964eb5aa85238b1ef5d28143add0062b7a334171ab5477ee66e68e918d560184049d4fe4

Download Submit
C:\Users\Admin\Downloads\New folder\agosto 2022.pdf

Filesize
271KB

MD5
172ecfdf237d4a31f9f31b1a5daa8daa

SHA1
19c8f3561666ef40b3d4a18a874a5fbb4b633978

SHA256
e65c5f0cdc906c08aa756b86f5a6d0af7916a85d11ef4c79b573dcff033d37fd

SHA512
e376815dc0fadf16daf57999b36fcdb2d1c0bffe24cfad10287447811d733ddcec93bc9c64046a91048908bbd581bf7b2a856fe25de71f5a8a71b556e06ae7a9

Download Submit
C:\Users\Admin\Downloads\New folder\certificado de camara de comercio industrias prisma ltda.pdf

Filesize
306KB

MD5
13aa8336900a3719658cfd0de55e6a91

SHA1
60e615280e27ab255b4f640bd2dfa85fe3a7b841

SHA256
12404f72694459d12fbe4288eeea1f2feb2aac67b763a22d82aeb51407519557

SHA512
7bcd0947e990d033bcf6ef2508eed80a73caa03b5db1502596a6737bd0e53965859392a1f960618b280ef674e6decc5ee868e6f851f7468a9b127cae48b78b64

Download Submit
C:\Users\Admin\Downloads\New folder\diciembre 2020.pdf

Filesize
225KB

MD5
1cd8cb71c12496f8503ee0a8e8bb92d7

SHA1
7968b829d88201b03658d04ee745875c3b3fcf65

SHA256
13ffb8b2e19ea408d6245ca45cc2ae667604693481d053c59b0a8c522d0caae5

SHA512
88dd308f5ff0b6047110103bbba8f3b4fa455b2aff0aac2b62dcc1029249d501c6e7099151e660a75ed6adeea02296e61994bf9d1fd3fbebd6cd235610b33b6b

Download Submit
C:\Users\Admin\Downloads\New folder\diciembre 2021.pdf

Filesize
224KB

MD5
b6cc9af7202cdd38121b06d47702c124

SHA1
492b8e78df9db130b4b7211f7cb9c80155883a5e

SHA256
51b340a921f887b16166043ebd3b17c8e1cdd281c8626d638f424510557e40ff

SHA512
162cfaba48dcd8f14ea0b907cc800e3c0e72d5acae06249c76c2c3242140a16fd8c55d24c6dfd294c6c8c6aca163b284d55633b2d2c0e372b0da61c1f3f710b2

Download Submit
C:\Users\Admin\Downloads\New folder\diciembre 2022.pdf

Filesize
285KB

MD5
eb4d328eb888799063c3ab3050997c0d

SHA1
272c13fa07a8cf9cbc6907197c9c65b3fa04e12a

SHA256
cd43a5910d1b93d74d898d53dab003b28a7853fccfa657a667e45caf0b94e973

SHA512
36c9ead2f19bf5e95b840048cf162aaaf766822fb4cd0872ad084dcd32db378230ad06720999867d5c835758eeb56453d15bd077f55d9d7d37ca5d1f7d14a63a

Download Submit
C:\Users\Admin\Downloads\New folder\enero 2020.pdf

Filesize
208KB

MD5
34931bfea5e4a175167b4c77977a4f45

SHA1
1d275d4ddb04380f13af74340c34530cda57dda3

SHA256
3c19e584b8a652b2302eed7675bddfc050ec453988c1ff1593221dc504440a49

SHA512
a432bc08933e7e3b078cabc92c2167c76fd51f0b5d7cac1035b3c42888df90980da85282e1cba9960ad2607db7b9f87429e67123186365326b123dcdcf22a3e5

Download Submit
C:\Users\Admin\Downloads\New folder\enero 2021.pdf

Filesize
198KB

MD5
1ab1e1b7d2a70a5a637fe9fd591faa93

SHA1
2040a9f0d8bc510e49415111a664f46d38332b66

SHA256
1c854a272120934b21bdf5a79a208935a0199539398438cdc5f189c9ba363f52

SHA512
33aa780bc1e5bf073e4ef163ef45db3fcfd3378667674b3682ddcaa8eae73ad76c8f5d92fbb51cc2382cd6e8e6da921d275ca6b5eaa2cfc4ff9566425ab1955b

Download Submit
C:\Users\Admin\Downloads\New folder\enero 2022.pdf

Filesize
252KB

MD5
4f1e7b9e74a6ed51d4b39601d3639bdc

SHA1
462f0b01349a2a986c89a4868b9c83eaccff3f02

SHA256
005aa5922e9d72ee8a132efd730807404777323056cb883fbf65f0a5408db1b8

SHA512
b7297898082f7ce7edacfd37997e97039745b8089db58da46a8601ef3306b3874a6364cae10aa12a6acd82f85eb29248e34f958a958f4ea198a74f402191c79d

Download Submit
C:\Users\Admin\Downloads\New folder\febrero 2020.pdf

Filesize
208KB

MD5
7bfc8b174a0cfcb3d396f08d58ae0635

SHA1
bf0406ad2c0454e9bab8807fde776ed514581b75

SHA256
2c06478150274c85ec6cf3ad348e649eb27fc9e635e3840834b4e0b673ac434a

SHA512
83a84d3b155ed15ddbe4215c220b2b0ce6dc98bcc94cec94e2e42cb6c36837c913277212e4ae1c5010f3d4a75d59d69fee3867ab8a75dc2c9b04de07c7596d61

Download Submit
C:\Users\Admin\Downloads\New folder\febrero 2021.pdf

Filesize
244KB

MD5
67f728ba71b09fd4f0b78e7c854fc484

SHA1
3ccd66ec3fb814ff497dc72bac4e4636cd4dba77

SHA256
901537e70eca2975593dacf4b02354040cf43798617baae4136507b8e4470de3

SHA512
bd0754e84a4add0e0afb95da068e134484aebea870f9c441f49765dd69868c5c59b23ab59b67d1a97890c1046743050d730d07ba4847a799b14a19fb940338a2

Download Submit
C:\Users\Admin\Downloads\New folder\febrero 2022.pdf

Filesize
251KB

MD5
ba401d1fc50c0b5c6b200ae33201866e

SHA1
f8409618ab242f772d615b8d02902653a48489bd

SHA256
576b6d8766bee7f5ab463a53865521b536f02b23a5eea488f3342e14a0b6373f

SHA512
f74c0031e05b94b4c87393284f27e96f899ca4a5c458a15921d10fed8ea2ca08fe0d546ddc8f93d9a74c7bcabfd28cf7b52fdf7e219c01b654d92b8bec922f3b

Download Submit
C:\Users\Admin\Downloads\New folder\julio 2020.pdf

Filesize
223KB

MD5
0ba53ff186104cd7acb96a8f34f135ca

SHA1
d30eabf3780d9fe5dd9f4914715ea4d8bb84feee

SHA256
6b35bd884a58f14546f644c4f27627bc900da1850a7cc4fd0ea88f7ef88f96af

SHA512
f3bea77c1c87d0b2f1674215eca4b89e53a35478f8387e339c45975511e67eb973675ce4cf6dc71e58e1a3750f63412d54a4ef0835ab8b29026b76342aa2ecb4

Download Submit
C:\Users\Admin\Downloads\New folder\julio 2021.pdf

Filesize
222KB

MD5
1d364b458e674ea8f54602f982900f68

SHA1
4ef1afff87493c7f540bdfc43d3ab0c363c4698d

SHA256
4fb7407d4315cdf0f367b06ed90f46c95dfafec99d390ab558edd0c3b9139041

SHA512
fae43279bf68601f8f1af8a9e64efc98de9633c1833215e9b40cbd5a351ef2a82367795f440bf7309bdd478d3d3f1abb4a1e27a530f292aead8cfed882d34206

Download Submit
C:\Users\Admin\Downloads\New folder\julio 2022.pdf

Filesize
264KB

MD5
06d4eccfa3262d40f2dc313554f792d9

SHA1
3c4e4683d47f0606314b013ac18a05aea2ba968b

SHA256
2ec76aec1c93ac3f751f315534c8123c5c679002e23f3b9787a11cc3ea24810e

SHA512
f2fe39c3c2cc7403f1c1bce1e4c34ad4a5d8b70e93efffd638731701d966f001388aef82ad58a23ad2e23ecea69c04cab5093f9f366e26f1486d78ddff5273d6

Download Submit
C:\Users\Admin\Downloads\New folder\junio 2020.pdf

Filesize
224KB

MD5
5cb09ff50cefc25f7213bc1053adc093

SHA1
118f2cf7949590527030ba9ccaf7df44473c073e

SHA256
513b66ffed12e109192abdf66ec358c9884a83d53cef4fb20a12926ecf0c6ec1

SHA512
d674756c11299cf10c8bfbee030e8203be25a857f6a93b4bb82d0124d4e4194cbf3bbebf898a458cd29456b77525eb6abfef3fcef579ca4cf024b27722fbf8c3

Download Submit
C:\Users\Admin\Downloads\New folder\junio 2021.pdf

Filesize
199KB

MD5
b4ac57da1cb4f0ae71a245aaad4f8188

SHA1
f1d1cb1dc699567fbf2819833101cb7734b2741f

SHA256
bdcad648c4dca84055a134710e02c172828443f2ca12223a0c9adb2cdd0d9a68

SHA512
d2bee42745111d2976d99bc68623396eb8c5b98711fc6c854834c912b8fab2a335c126b02e75219140ecebbf267f7163ff3a8f5ded74b1e85cbcf4e4d3f3c174

Download Submit
C:\Users\Admin\Downloads\New folder\junio 2022.pdf

Filesize
262KB

MD5
5f2be89307ce72467d7069c6a68bf72d

SHA1
da3927bb793bb0cabcd850d557257f41cf6c7167

SHA256
889c570fccf3027c1633bd8bcce33c356432427796a2b5447db4e62648ae9733

SHA512
e5053e8039ac4e0dd7bb63c0e59cd3fbd4dea7ce3e654fa7ce28e1cc70c61f2fa02231fbd530636887222042a2af7554acda97d67d2e8adea9e6a644c1267015

Download Submit
C:\Users\Admin\Downloads\New folder\marzo 2020.pdf

Filesize
222KB

MD5
f5da926f0e459e977b85b94beadcfeb0

SHA1
f9839a9ac3d430bf36634557db83c7e6cec49b95

SHA256
40e6064669f16a91e65d2f5de8c2ad61b62316013b8cec762158fb1890660428

SHA512
217641699f418799450223d7fd2182e8dd3fffa2ceca370291b8811d50d94d65480a50e2b0469bb7d448d54c4a77f96b8382cb239dd9c25eaac7d22e77813bb6

Download Submit
C:\Users\Admin\Downloads\New folder\marzo 2020.pdf

Filesize
230KB

MD5
f27f2599ca824b1debddff6b9ba5e918

SHA1
862c158f898ad3d3b98e54306557943887a24321

SHA256
fe28a4d207cedb30efa1fbe13b326d21b9c868f5fda351a1f7cc2c095d34488d

SHA512
05e37452a42c1cd16037854004cc4be4fe1d093252c6b42775576da6bd74f8adc408819ca961217f274aa1471ce6930174b3c08fb29fd531dbd09335e6113779

Download Submit
C:\Users\Admin\Downloads\New folder\marzo 2022.pdf

Filesize
264KB

MD5
194413dffa16cf4073a5ee4b3df8b060

SHA1
1af3b4cfbd4ba4f11fc5823933455632b5b54f6e

SHA256
44018102f199a065e33eacfbc7f9de82d711c5cb2bf882507d016973521c3df7

SHA512
7ee2d1d1900f98d7d66e6ba2e40c1ae66171f505031849b125a35a182f2618dc3b32e0f7cc904b105ebbc3a6f47ee5925d82f7e87a7830079ea12d5b04d00fb5

Download Submit
C:\Users\Admin\Downloads\New folder\mayo 2020.pdf

Filesize
220KB

MD5
72b0adb1749f62afee5d9ad82319dca1

SHA1
bf061fbfce4b10393033fd5fe21e607a6aed5151

SHA256
db253c23c729a4687c0d7e12f4c0b4820fd315e242ee0f31c6df2722397a3745

SHA512
361e0ed2d584ac4e894284e8dc28485e49d216509046e7e714c7a3c5a5bf0d20ef764968e9896d1be11a6836f81a7da61ac39a42c3da83fe385bea3126d4fe2b

Download Submit
C:\Users\Admin\Downloads\New folder\mayo 2021.pdf

Filesize
224KB

MD5
d882b675d08cdc65c36622760588eb1a

SHA1
5bd250626a65679b5a3b06dbc470595bd081334b

SHA256
1466f28b089a435887954640bf88f0e48fd953b325384aeeda45ce005c577c9c

SHA512
9f3e4fc5a0f0a9594b8a21b098ed9374a2994c9ca36d0995bc2479b7a8d2ef60a8760bf38778c990cb9b3a16cc90d7aac85853ddc61b55f67aec088ddbe3448a

Download Submit
C:\Users\Admin\Downloads\New folder\mayo 2022.pdf

Filesize
264KB

MD5
c320293b9fc2e62418f5d3c9056bcbb6

SHA1
48810518529716f3b43d986dea5f93d148601892

SHA256
09977654bdba41e4bf918faa73f1809511003ff8009018b8ad3d987e50499ada

SHA512
380fecf2cf96ca904d3c89d12ecedd7a7c4a54e93d08a9593249b1577b94f87332555ab10f46e050a0044caff52a7ba0f0c039dfe1a76461d79cb63e0d325394

Download Submit
C:\Users\Admin\Downloads\New folder\noviembre 2020.pdf

Filesize
221KB

MD5
48910f0b78f08ed06ecc251df0495017

SHA1
9ca4d0646a074254daa53682e826251b457b157e

SHA256
f8dce67e06a629093f3a331e5bd72f155c534b0328da672002b4560655929e99

SHA512
7b5eab1eb38435ec9a2182825583487d08d4c341ccc000d5cbdb128666b335c7a4dabda929a7025120af6e1aa21b8892fb228a943dd4f337a2d20c39423a3360

Download Submit
C:\Users\Admin\Downloads\New folder\noviembre 2021.pdf

Filesize
222KB

MD5
f4bd059b99bfc354b3d65c2d88b17f6e

SHA1
19c1a6b44e8ee47cf1d766801fd05dd3b48c73fb

SHA256
e13ae0be836e9b413e9aebe27b4f554a5f9518713c1856d2c2182e3e500c1c8c

SHA512
a7775330f0d8164cd0be954e62ad78794f29e99425f9a97f7b1748f324237b6f13f77b5d387fd8a43c0af4e580abab87ad6783669b490c8a45ff99740ad7754a

Download Submit
C:\Users\Admin\Downloads\New folder\noviembre 2022.pdf

Filesize
289KB

MD5
4e738e9468d58e65da92ad8cdc162e98

SHA1
36e26095259527aa5b8718b79ae9c1c42fe2d028

SHA256
9bf24f3f4cc78091f9ab1d2a250c87b08ecf093c2e4131be3514c8effb9fcc2b

SHA512
82639d0b53f45f4197c7def881092bb5a88699f783bae7c3047ea05d7ecacbc1f436b7d97b0d6655df8b9f2fe14628a2199181bbb762bf10467d0f471cdb5f1a

Download Submit
C:\Users\Admin\Downloads\New folder\octubre 2020.pdf

Filesize
219KB

MD5
15886992461f1650026c3e17b5b46461

SHA1
ee5e5f717f0a5b26ae92df4d9ad973be6840d723

SHA256
53f6aa466d3e62e46a9b4f711d171f79df43d2f43ddb7ad0d954aa9159b0a6f0

SHA512
0bb81c731c3f66e6aa3a9483820a60678881578512ce31db8769cd599e37b2772127bd072eac615fb434f54e9b169512baad60f37d8caaee1305dc43ab3a2cac

Download Submit
C:\Users\Admin\Downloads\New folder\octubre 2021.pdf

Filesize
223KB

MD5
5cd8ac4a954f70a8f9e51bd367a8aa77

SHA1
a080a65ff79fe378ae967ef36f983800e043f84e

SHA256
4393bc2b7b0da281b61f0dde176e379f909f50cd403f76327d5aea8872aef3ee

SHA512
15cb944e601db7f92c7774b50208accccde8e821cf49c3737b1252ed13406495de1e8aefd3c6b585358de7a54a55a4047eae8a9cd0a9c18af688f9ea19839d18

Download Submit
C:\Users\Admin\Downloads\New folder\octubre 2022.pdf

Filesize
281KB

MD5
5809a06c9f6bddb05b3df44222f05dc3

SHA1
5dad5ad83a2c44666d55d664ecb50ecfba07f122

SHA256
861ef7797791d6dc0f52cc33c1bc8f219f68234552b20337a46727670213c4ae

SHA512
4f50527e3700edd4f7b18a805dc7fd252d1b344836b585f5527b6175b0979337db80df4d22eaa09071a1fd3daa17bd49d1f8e77dcc70a2164c92ba5a5a801eae

Download Submit
C:\Users\Admin\Downloads\New folder\planilla abril - mayo 2023.pdf

Filesize
135KB

MD5
6c755849524211c539ad641a5090b828

SHA1
0c69d2a1eeee08a09f7c064661cc14f47164113b

SHA256
2fd612e0eb76fcf12f4cddeea0bd469aae3ebd60abd971e1024f818b050efca8

SHA512
f98e38a1125547e365f06822bbc02eea29604d090a93831e1a29e332c419c5d48c1d2e3b3f538e5605843b75064bac62fb3ff042c31896b68b2b8fd6f51450f2

Download Submit
C:\Users\Admin\Downloads\New folder\septiembre 2020.pdf

Filesize
200KB

MD5
50f38b67efc9c1d6e39b6afad97bdc28

SHA1
3dc76f0483f133045275c653a3b3e8df9d5b7fa8

SHA256
6176906ba9cfbc626a15b539b614538e6dddb1994e0783ecfb6e7c41c7dde41a

SHA512
856412472c963198ada93bb9c2dfb11f1e54e18db5ce703c8cfe9eaad237a67e578d25eb742baae3d914e482a10ae270db3f73fbb034d978250dd46fd16acd1d

Download Submit
C:\Users\Admin\Downloads\New folder\septiembre 2021.pdf

Filesize
225KB

MD5
aa9bc2baa73fbb9f543e087707296151

SHA1
eceb92c03a944c9ba762bd88a8372d41bf327e4a

SHA256
775c81d5455933971c00f206e36b5e5a02ee614ac5553cfd7e37a60e0b1d58d3

SHA512
c67477ca5e8191b8aa5b8bf33e73b02312e0d9626c6763da5049e042012ee9b9dc1e4128a8ab6141a47350a1bfcfdd8f48dc8f6aebf0da7d6495187028eebc10

Download Submit
C:\Users\Admin\Downloads\New folder\septiembre 2022.pdf

Filesize
270KB

MD5
559adb0c81ff4ad02a492c826fdbb1b3

SHA1
83b2ff88f5c2598340ae3de04be58c017529770d

SHA256
153620106456f5409e514ea5ea8c0ce830f40824bfa744a9c6c0cb1ca5ec9092

SHA512
f83c887770a31870f03b066edeb1116ee909a4428c119aa82a5b160a76fecbe1c9b61fa501bd02c801ee6141ba7adde9b813d0031ab57b883dd7f43146a5940a

Download Submit
memory/1540-847-0x0000000000C00000-0x0000000000C0A000-memory.dmp

Filesize
40KB

Download
memory/1540-846-0x0000000000C00000-0x0000000000C0A000-memory.dmp

Filesize
40KB

Download
memory/1540-853-0x0000000000C00000-0x0000000000C0A000-memory.dmp

Filesize
40KB

Download
memory/1540-852-0x0000000000C00000-0x0000000000C0A000-memory.dmp

Filesize
40KB

Download
memory/2640-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2640-1-0x0000000073E1D000-0x0000000073E28000-memory.dmp

Filesize
44KB

Download
memory/2640-124-0x0000000073E1D000-0x0000000073E28000-memory.dmp

Filesize
44KB

Download
memory/2640-242-0x000000000B960000-0x000000000B962000-memory.dmp

Filesize
8KB

Download