hxxps://drive[.]google[.]com/uc?id=1Qox4cFZqAPiCfql6SBNNgOKzBTlbxAn7&export=download&authuser=0

Analysis

max time kernel
184s
max time network
184s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04-12-2024 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?id=1Qox4cFZqAPiCfql6SBNNgOKzBTlbxAn7&export=download&authuser=0

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Source.vbs	CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe

Executes dropped EXE 1 IoCs

pid	Process
1612	CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com
10	drive.google.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1612 set thread context of 4540	1612	CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe	103

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_compiler.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778054634880528"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
4080	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 3396	2088	chrome.exe	80
PID 2088 wrote to memory of 3396	2088	chrome.exe	80
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4556	2088	chrome.exe	81
PID 2088 wrote to memory of 4532	2088	chrome.exe	82
PID 2088 wrote to memory of 4532	2088	chrome.exe	82
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83
PID 2088 wrote to memory of 1664	2088	chrome.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/uc?id=1Qox4cFZqAPiCfql6SBNNgOKzBTlbxAn7&export=download&authuser=0
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x21c,0x1f8,0x7ffbc7bacc40,0x7ffbc7bacc4c,0x7ffbc7bacc58
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,12870624953262719803,2128411900674284944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1660 /prefetch:2
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,12870624953262719803,2128411900674284944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,12870624953262719803,2128411900674284944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,12870624953262719803,2128411900674284944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,12870624953262719803,2128411900674284944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4288,i,12870624953262719803,2128411900674284944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,12870624953262719803,2128411900674284944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4916,i,12870624953262719803,2128411900674284944,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1836

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CUENTA DE COBRO_CARTERA AVANZADA.pdf\" -ad -an -ai#7zMap1550:134:7zEvent8091
1⤵
- Suspicious use of FindShellTrayWindow
PID:4080

C:\Users\Admin\Downloads\CUENTA DE COBRO_CARTERA AVANZADA.pdf\CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe
"C:\Users\Admin\Downloads\CUENTA DE COBRO_CARTERA AVANZADA.pdf\CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1612
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
38220e1d80ee694cf382fa778517026b

SHA1
1d44ce735ea597fb1769f098b561e48fde2acdf0

SHA256
245e5df6197cf615f47f4d5e8386c872725039876a64c71b3e18102728a9761c

SHA512
047ae8c2d796e9d76e947b3b60794bb8385191fe2a903f9b2b5ef006cf79b18bf7457b3ef6c4c9efcab86cb27828f31e1f39c3fb6f11a424fd14c4f87e1c9fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
42a7d96883641a056bda32a943a87efd

SHA1
cde2492e54fe87453c33987f496ae4445648470d

SHA256
786183671facb5010eebf378c598e7e26cc6f9c48d9c39eebfc8bf5b6adddc0b

SHA512
d0bcac6e8cffb4568163a5a8860102824d0dcd9dc29a1f6441883c159441193e9a9e4fb2836070cc6b14716890b51333c6bc77db0b3a83a7600a8d6c45d37272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
ed05cfd14cc9150f6f6b92ec8df2b72c

SHA1
b8221ee18d985076f68f83d67ab2bc079f2ebe56

SHA256
0a5046c278aa52af0a7e6f573c25eb7c18dcf2c52bfd5d8151556bdf55b7f5fe

SHA512
f716f6ad228e220f25e2e03befab4f1c70b5162c8dd0cb04ea1db17a3cc762ebf37758c1a3582e1cb5028d0a5bb831183ac46b924f95f21f915997cdb52c0b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a53713285a25db7158a96d65d0cbf6d

SHA1
1eca9cd38d12cce0193ef1081b85c3d2119399f0

SHA256
246dad41b38202870ead3ec8522b5eee3b39eb37c78b6e924d105137856e207a

SHA512
350eb87fde32e54abe35276bd552349f7a520bb1e7687e454d69f4a50092fc64acc4cd147d53ef257e8ae23cb2db0e377f31476f54714c2f8de99fdf8a78a6a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39b5bf4421b8d5d7b5d94f57c2cdcd25

SHA1
277e859bf3e163fe525ea2cc33e86bfdeca9d23a

SHA256
6d3556349df4a9b1225c45cf7379b659ad3574b294cda4e7b1668072935cf7c9

SHA512
b6a2aecae5702e9595da91d5f22a1bfe19c1ae1c1cfa7f95d4a45e850cb4cf0611602510efe6198ad514f3990d7fa1050be8c782b30582be67a14846607620b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
976b77d32666d815b2018c505c87be04

SHA1
876a9eeda0c5dc21d0e20a2fb6f5440bb80581e4

SHA256
3a034732eae8b30e94e09583689609eb56c3225ceaabf1f018b54079f78f3758

SHA512
85b26297eed9828783357126e9e553425859e88ed9c8f2df48c022c8f3804ee3c8bbd13882f099c37da5173cb363f51795fb4ca04489772f3b4f10be51430790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d66e9ca33cd2b67896afbbf4d1dc4a7c

SHA1
6af946a1b7a76f21fabd89e25526379c0e1a5581

SHA256
61435c32b5f35d25994dd241a147ead9ed7e6aa258344d416daa195db9f5298f

SHA512
5ae3faeb11e0ac7732e2b9f690d46d08277785e9f3f83ddaf909113dee4efe94096406b207757fdd77f6cc8b07a23c033c54a9ab9ff57e700e19c58459ac2a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2edceb4423de42c2ce5c92b744287a71

SHA1
2018aa255e5c8c2e989b3ca99e0be4e341929522

SHA256
d3389f0526df1ed40bc7cd2b19e351529c2f8af1f4f1dc232666c818f396804a

SHA512
105cd40e04c17cc36cea26b38e2399e4b2af532c5e289db3efc1ee4be77c4ac0094bd01d5035ea424d431a75a496cbd832062116777be9ba5393b25b43537e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ccdf8ce76ad5d9023c7b3d113721f38

SHA1
ca59cb15ef01eff074d96b879622cd048f6a5991

SHA256
1fbe967dde99c01d11b7fce18c3d214e08ec132892100a5d8b57817626a1cc7a

SHA512
128304f0f2ba6110bfe17c979927901f42bb10f0abf9f2909797d07ccb450348ce379c2850c393a3edd9b0a4100b3c0ef8cbf4540639460ab98d11368544ee0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15cc5fbea1bee2c97cc56e408b86fcf6

SHA1
caa5c2ed8f2f5d60eea84b0c2abbd5f4bf6e451d

SHA256
a428c3d908ff5a385a946a4507fc3ead81ad5ccc31c50e47e0e5c24f243979b4

SHA512
7e744a576978cf22cc78224a5dbd89fdc54681583be961ee791885fbee1739af9732e0c18c7f992700bd361903efa5b63238f333530d8af3fd8c90f4c2ac2826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cba082e0f469779f14970c4f69b9f79

SHA1
6a176be85c03327a50f164c79ffbde52d534c632

SHA256
3d3c90cfce31747748d5d55b51248970f8b9be4785efcd55e4caea37b8b58fb7

SHA512
71102fb2cfd74e4bf0a9eb9062ed8365b02eb0525fb2af642c6b15ec8384927d0c77503d811dc9b34218c26eb198ba7ded17494d5ef216a751bdef00eaca6a00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fba143303d9620e500ee79779536b628

SHA1
8f17e70ab91843042bbcda3a78715cf409912c04

SHA256
7242bb2ff4da58b317e24731b1cdbcb98c963ce3fe879d652dae9e78264fa278

SHA512
eeca64ab5d5974065b303d51027a8ab5e0de230576ff97c968efd1e2373568153440dc8afce7c52a217e9fd7d8311137bd9b4460fc1ad2323abbed89dc3c24c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62a2252b67c3098b1adf68cc64f65e49

SHA1
9dc47a303ed563ca0989a26a225d616627243557

SHA256
f52ac0f05bbda4e0c38e13c86dcc7860c8a9077e13623001fd6cf7e9dafced95

SHA512
c7fdf8a1b2ca0af7f3032a63a5ec37f179a8e0254ff1b51db89e92f3a75a1061515ea8794998de13de586e42c7b89da7b08034ee29c3176cd74af4f2f60fc362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de242f203b7e3035c8f0dbe35dff196d

SHA1
4be9df3d48e32d2ea86b2b522bdc56421a5e87fc

SHA256
5afc5d27b4da97a9a5d022dad0265084e7be5bb953ac860a1658faaf0c9497b9

SHA512
0c55d4befc426f9715b6b1168c391270750ac7887242746706ab108349df6ec9110aa2356ef371404e5ddc204c1ae27bd4c85ef71daeca013aa0addb19e90041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58814ee124335206bf4bd8bdd09de047

SHA1
5e130f1a786f729c38fd0f9531a10ad061550c9c

SHA256
afb9617f9e5b30564881a007ccf3063872486a2b21723c052acd1a518020f821

SHA512
f56c2fcd312203b70b3c1349bc2ccfd2342c8438bbeae2395bca815d36826537d9f3f68387b571494a12d07972a925664b827c9e47066c84998ddfde657a78ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
1c285302ea551cae8acd03b9f96524ce

SHA1
8110d528e7c6a2b69a0b23a2c9b926cd2c337f55

SHA256
d55f0506eeb774d44c6a1db73a98ab5b9f26b6282f68060981793b3a15dda2e4

SHA512
9fcc9fbe91d9d59609c13910eca1bb1997494d66c1473f3f161a82cfbadc11d08c8a0f0af78d0c9e9988f90f0586e57b8e812f848985a99d94c96c0319202597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
feb12b3c40053899a4a8517ea39a94f7

SHA1
c48d2694b4ece5ee5f1815af62a08a9349b1bec8

SHA256
ad3648f23f258c23faf31d7f1c94c3ffb436ec1b46042eee2a42ccbdde56a0a3

SHA512
96664c07bf9bebd426f29ba958bbe5d1d98c641b505631b8b225a8080ae802d644012cfb1846be56d8e371589ebeef991e872b799fd367639b63e7f0c345bd81

Download Submit
C:\Users\Admin\Downloads\CUENTA DE COBRO_CARTERA AVANZADA.pdf.rar.crdownload

Filesize
1.2MB

MD5
69766774bde3e67f034122f2ca86844f

SHA1
e3574ed9d21f05a915ea00a6225b0a114131feea

SHA256
73638f46543d91af0f44334f4051c0010c1f3b1fe17ea4346857ae048213551f

SHA512
5e80516d3d2f0b0599cb645e6ccd130ba937e01c10655c19e900ae8eda035b111d61975f4b928956befeb1844a7e0ae3fde99896c18076e6a4b7a94c708a6c07

Download Submit
C:\Users\Admin\Downloads\CUENTA DE COBRO_CARTERA AVANZADA.pdf\CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe

Filesize
1.8MB

MD5
dc047d9bfe167d07e21ba32993b5f049

SHA1
3203edbfb3657218e8bfb0c6c71bcd1fa632f8ac

SHA256
acde3277bf25ca5e61fb533711fa38be45dc77bd3e67a9e65c593bc1eeb3a8a0

SHA512
6e0dfd044a788f98896390a160dfde682afd627326f1b533039e56671f08c5c33e6ad271431b839dea48a5296de977d9a54e2e989a70f0e12b1a8a4f5d07a05a

Download Submit
memory/1612-159-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-137-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-185-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-183-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-177-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-175-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-173-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-171-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-169-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-167-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-165-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-163-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-161-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-181-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-157-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-153-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-151-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-149-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-155-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-147-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-145-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-143-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-139-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-179-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-135-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-133-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-127-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-125-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-123-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-141-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-131-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-129-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/1612-1307-0x00000000052C0000-0x000000000531E000-memory.dmp

Filesize
376KB

Download
memory/1612-1308-0x0000000005320000-0x000000000536C000-memory.dmp

Filesize
304KB

Download
memory/1612-1309-0x0000000005400000-0x0000000005454000-memory.dmp

Filesize
336KB

Download
memory/1612-118-0x0000000000390000-0x0000000000558000-memory.dmp

Filesize
1.8MB

Download
memory/1612-119-0x0000000005030000-0x000000000511E000-memory.dmp

Filesize
952KB

Download
memory/1612-120-0x00000000056D0000-0x0000000005C76000-memory.dmp

Filesize
5.6MB

Download
memory/1612-121-0x0000000005220000-0x00000000052B2000-memory.dmp

Filesize
584KB

Download
memory/1612-122-0x0000000005030000-0x0000000005118000-memory.dmp

Filesize
928KB

Download
memory/4540-1315-0x0000000004FA0000-0x0000000005006000-memory.dmp

Filesize
408KB

Download
memory/4540-1344-0x0000000006110000-0x0000000006186000-memory.dmp

Filesize
472KB

Download
memory/4540-1345-0x0000000005360000-0x0000000005384000-memory.dmp

Filesize
144KB

Download
memory/4540-1346-0x00000000060C0000-0x00000000060DE000-memory.dmp

Filesize
120KB

Download
memory/4540-1314-0x0000000004E90000-0x0000000004F2C000-memory.dmp

Filesize
624KB

Download
memory/4540-1313-0x0000000004B10000-0x0000000004B1A000-memory.dmp

Filesize
40KB

Download
memory/4540-1312-0x00000000005C0000-0x00000000005DA000-memory.dmp

Filesize
104KB

Download