Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\012301b8-d4a6-4e56-81d7-61a09fb43fd8.tmp
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip.crdownload (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
Chrome Cache Entry: 59
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
downloaded
|
||
|
Chrome Cache Entry: 60
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2016,i,16869703180556477407,8708892340595785305,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv"
|
|
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\qhqxwr2q.1y1" "C:\Users\user\Downloads\FALLO
SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
docs.google.com
|
142.250.186.78
|
||
|
drive.usercontent.google.com
|
142.250.184.193
|
||
|
www.google.com
|
216.58.206.68
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.78
|
docs.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.184.193
|
drive.usercontent.google.com
|
United States
|
||
|
192.168.2.8
|
unknown
|
unknown
|
||
|
216.58.206.68
|
www.google.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B63000
|
trusted library allocation
|
page read and write
|
||
|
51C000
|
stack
|
page read and write
|
||
|
DC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
2AF1000
|
trusted library allocation
|
page read and write
|
||
|
27AE000
|
stack
|
page read and write
|
||
|
2500000
|
heap
|
page read and write
|
||
|
B2F000
|
stack
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
4F5A000
|
stack
|
page read and write
|
||
|
99B000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
2B73000
|
trusted library allocation
|
page read and write
|
||
|
2BA3000
|
trusted library allocation
|
page read and write
|
||
|
A09000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
2B9A000
|
trusted library allocation
|
page read and write
|
||
|
7FAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B69000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
trusted library allocation
|
page read and write
|
||
|
9DC000
|
heap
|
page read and write
|
||
|
D5F000
|
stack
|
page read and write
|
||
|
2B4D000
|
trusted library allocation
|
page read and write
|
||
|
2BAE000
|
trusted library allocation
|
page read and write
|
||
|
2B2E000
|
trusted library allocation
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
523F000
|
stack
|
page read and write
|
||
|
EA0000
|
heap
|
page execute and read and write
|
||
|
8FB000
|
stack
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
D82000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BB1000
|
trusted library allocation
|
page read and write
|
||
|
DAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
D8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
2BA8000
|
trusted library allocation
|
page read and write
|
||
|
4C8E000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
2B8F000
|
trusted library allocation
|
page read and write
|
||
|
3AF1000
|
trusted library allocation
|
page read and write
|
||
|
65C000
|
stack
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
2B52000
|
trusted library allocation
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
2B2C000
|
trusted library allocation
|
page read and write
|
||
|
4E5D000
|
stack
|
page read and write
|
||
|
DBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B92000
|
trusted library allocation
|
page read and write
|
||
|
2BAB000
|
trusted library allocation
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
D9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B66000
|
trusted library allocation
|
page read and write
|
||
|
2B60000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
trusted library allocation
|
page read and write
|
||
|
2BB6000
|
trusted library allocation
|
page read and write
|
||
|
2B55000
|
trusted library allocation
|
page read and write
|
||
|
2B20000
|
trusted library allocation
|
page read and write
|
||
|
DB2000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B9D000
|
trusted library allocation
|
page read and write
|
||
|
DCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B89000
|
trusted library allocation
|
page read and write
|
||
|
2B47000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
2BB4000
|
trusted library allocation
|
page read and write
|
||
|
26F5000
|
heap
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
B68000
|
heap
|
page read and write
|
||
|
2B8C000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
5C6000
|
heap
|
page read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
D5F000
|
stack
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B25000
|
trusted library allocation
|
page read and write
|
||
|
4E1D000
|
stack
|
page read and write
|
||
|
A0E000
|
heap
|
page read and write
|
||
|
75D000
|
stack
|
page read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
D9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B38000
|
trusted library allocation
|
page read and write
|
||
|
D92000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B6000
|
heap
|
page read and write
|
There are 92 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://drive.usercontent.google.com/download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download
|
|