Files

File Path | Type | Category | Malicious
---|---|---|---
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:41:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:41:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:41:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:41:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:41:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 100 | Unicode text, UTF-8 text, with very long lines (64935), with no line terminators | dropped |
Chrome Cache Entry: 101 | TrueType Font data, digitally signed, 15 tables, 1st "DSIG", 13 names, Microsoft, language 0x409, Copyright 2014-2017 Indian Type Foundry (info@indiantypefoundry.com)PoppinsRegular3.010;ITFO;Pop | downloaded |
Chrome Cache Entry: 102 | ASCII text, with very long lines (65369) | downloaded |
Chrome Cache Entry: 103 | Unicode text, UTF-8 (with BOM) text, with very long lines (65532), with no line terminators | dropped |
Chrome Cache Entry: 104 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 105 | Unicode text, UTF-8 text, with very long lines (64935), with no line terminators | downloaded |
Chrome Cache Entry: 106 | PNG image data, 1024 x 229, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 107 | Unicode text, UTF-8 text, with very long lines (65309) | downloaded |
Chrome Cache Entry: 108 | Unicode text, UTF-8 text, with very long lines (51208) | downloaded |
Chrome Cache Entry: 109 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 111 | Unicode text, UTF-8 (with BOM) text, with very long lines (25631), with no line terminators | downloaded |
Chrome Cache Entry: 112 | Unicode text, UTF-8 (with BOM) text, with very long lines (969), with CRLF line terminators | downloaded |
Chrome Cache Entry: 113 | ASCII text, with very long lines (13312) | dropped |
Chrome Cache Entry: 114 | Unicode text, UTF-8 (with BOM) text, with very long lines (6897), with no line terminators | dropped |
Chrome Cache Entry: 115 | Unicode text, UTF-8 (with BOM) text, with very long lines (704), with no line terminators | downloaded |
Chrome Cache Entry: 116 | Unicode text, UTF-8 (with BOM) text, with very long lines (31444), with no line terminators | downloaded |
Chrome Cache Entry: 117 | ASCII text, with very long lines (572) | downloaded |
Chrome Cache Entry: 118 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 119 | ASCII text, with very long lines (39553) | dropped |
Chrome Cache Entry: 120 | Unicode text, UTF-8 (with BOM) text, with very long lines (15300), with no line terminators | downloaded |
Chrome Cache Entry: 121 | ASCII text, with very long lines (1145), with no line terminators | dropped |
Chrome Cache Entry: 122 | Unicode text, UTF-8 (with BOM) text, with very long lines (7337), with no line terminators | downloaded |
Chrome Cache Entry: 123 | ASCII text, with very long lines (58392), with CRLF line terminators | downloaded |
Chrome Cache Entry: 124 | Unicode text, UTF-8 (with BOM) text, with very long lines (7337), with no line terminators | dropped |
Chrome Cache Entry: 125 | PNG image data, 1024 x 229, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 126 | Unicode text, UTF-8 text, with very long lines (6743), with no line terminators | downloaded |
Chrome Cache Entry: 127 | Unicode text, UTF-8 (with BOM) text, with very long lines (25631), with no line terminators | dropped |
Chrome Cache Entry: 128 | ASCII text, with very long lines (65451) | dropped |
Chrome Cache Entry: 129 | ASCII text, with very long lines (13312) | downloaded |
Chrome Cache Entry: 130 | Unicode text, UTF-8 (with BOM) text, with very long lines (15300), with no line terminators | dropped |
Chrome Cache Entry: 131 | Unicode text, UTF-8 (with BOM) text, with very long lines (6897), with no line terminators | downloaded |
Chrome Cache Entry: 132 | ASCII text, with very long lines (1145), with no line terminators | downloaded |
Chrome Cache Entry: 133 | Unicode text, UTF-8 (with BOM) text, with very long lines (969), with CRLF line terminators | dropped |
Chrome Cache Entry: 134 | Unicode text, UTF-8 (with BOM) text, with very long lines (31444), with no line terminators | dropped |
Chrome Cache Entry: 135 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 136 | ASCII text, with very long lines (572) | dropped |
Chrome Cache Entry: 137 | Unicode text, UTF-8 (with BOM) text, with very long lines (65532), with no line terminators | downloaded |
Chrome Cache Entry: 138 | ASCII text, with very long lines (39553) | downloaded |
Chrome Cache Entry: 139 | Unicode text, UTF-8 (with BOM) text, with very long lines (704), with no line terminators | dropped |
36 further files are omitted from this excerpt of the report.
Processes

Path | Cmdline | Malicious
---|---|---
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2020,i,17856063402612142213,5279298645434871693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ceamse.sixon.com.ar:443/CEAMSE_OFICINA_VIRTUAL_PROD/com.ceamseoficinavirtual.usuarioreestablececontrasena?dYGxvk7ZP01PA9Vs/AdNmg==" |
URLs

Name | IP | Malicious
---|---|---
https://ceamse.sixon.com.ar:443/CEAMSE_OFICINA_VIRTUAL_PROD/com.ceamseoficinavirtual.usuarioreestablececontrasena?dYGxvk7ZP01PA9Vs/AdNmg== | |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/com.ceamseoficinavirtual.usuarioreestablececontrasena?gxevent=8722e2ea52fd44f599d35d1534485d8e06820f9acc2be7f87c2d392b5184cafb&dYGxvk7ZP01PA9Vs/AdNmg==&gx-no-cache=1728567751743 | 186.189.231.215 |
https://ceamse.sixon.com.ar/favicon.ico | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/Bootstrap/Shared/fontawesome_v5/css/all.min.css?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/Mask/jquery.mask.js?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/Resources/GLMsuit.png | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/Resources/Spanish/Poppins-Regular.ttf | 186.189.231.215 |
https://github.com/silviomoreto/bootstrap-select/blob/master/LICENSE) | unknown |
https://getbootstrap.com/) | unknown |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/DVMessage/DVMessage.css?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/Bootstrap/Panel/BootstrapPanelRender.js?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/usuarioreestablececontrasena.js?20233161415526 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/Shared/WorkWithPlusCommon.js?202373116571723 | 186.189.231.215 |
https://fontawesome.com/license/free | unknown |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/Bootstrap/Shared/fontawesome_v5/css/fontawesome.min.css?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/Resources/Spanish/WorkWithPlusTheme.css?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/DVMessage/pnotify.custom.js?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/WorkWithPlusUtilities/BootstrapSelect.js?202373116571723 | 186.189.231.215 |
https://fontawesome.com | unknown |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/gxgral.js?154974 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/com.ceamseoficinavirtual.usuarioreestablececontrasena?gxevent=8722e2ea52fd44f599d35d1534485d8e06820f9acc2be7f87c2d392b5184cafb&dYGxvk7ZP01PA9Vs/AdNmg==&gx-no-cache=1728567737426 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/jquery.js?154974 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/gxcfg.js?20233161415440 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/bootstrap/css/bootstrap.min.css?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/bootstrap/js/bootstrap.min.js?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/Bootstrap/Shared/DVelopBootstrap.css?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/Bootstrap/Shared/DVelopBootstrap.js?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/WorkWithPlusUtilities/WorkWithPlusUtilitiesRender.js?202373116571723 | 186.189.231.215 |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/com.ceamseoficinavirtual.usuarioreestablececontrasena?gxevent=8722e2ea52fd44f599d35d1534485d8e06820f9acc2be7f87c2d392b5184cafb&dYGxvk7ZP01PA9Vs/AdNmg==&gx-no-cache=1728567792323 | 186.189.231.215 |
https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown |
https://wiki.genexus.com/commwiki/wiki?49859 | unknown |
https://indiantypefoundry.comThis | unknown |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/DVelop/DVMessage/DVMessageRender.js?202373116571723 | 186.189.231.215 |
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL | unknown |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/messages.spa.js?202373116571723 | 186.189.231.215 |
http://silviomoreto.github.io/bootstrap-select) | unknown |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/com.ceamseoficinavirtual.usuarioreestablececontrasena?dYGxvk7ZP01PA9Vs/AdNmg== | |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/DVelop/Bootstrap/Shared/fontawesome_v5/css/v4-shims.min.css | 186.189.231.215 |
27 further URLs are omitted from this excerpt of the report.
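The Files and URLs tables above are raw sandbox output, and two things in them are worth automating when such a report is triaged. First, the `file(1)`-style descriptions of the dropped `.lnk` files expose the flags an analyst reads first (command-line arguments present, `window=hide`, the three timestamps, the length) but not the shortcut's target or arguments; those have to be read out of the `.lnk` itself with a proper LNK parser. Second, the URL rows whose IP is `unknown` (a trailing `)`, `OFLhttp://...OFL`, `indiantypefoundry.comThis`) look like strings the sandbox pulled out of downloaded file contents such as licence headers and font metadata, not requests the browser made, and they should be kept apart from the rows that resolved to 186.189.231.215. The script below is an added example, not part of the sandbox report; the sample rows are copied from the tables above, and the column layout (path, description, category) and (url, ip) is an assumption about how the report's rows would be exported.

```python
import re
from urllib.parse import urlparse

# Constructed sample rows, copied from the report's Files and URLs tables.
# Assumed column layout: (path, file(1)-style description, category) and (url, ip).
FILE_ROWS = [
    (r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk",
     "MS Windows shortcut, Item id list present, Points to a file or directory, "
     "Has Relative path, Has Working directory, Has command line arguments, "
     "Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, "
     "mtime=Thu Oct 10 12:41:58 2024, atime=Wed Sep 27 04:28:28 2023, "
     "length=1210144, window=hide",
     "dropped"),
    ("Chrome Cache Entry: 104", "HTML document, ASCII text", "downloaded"),
    ("Chrome Cache Entry: 106",
     "PNG image data, 1024 x 229, 8-bit/color RGBA, non-interlaced", "downloaded"),
]
URL_ROWS = [
    ("https://ceamse.sixon.com.ar/favicon.ico", "186.189.231.215"),
    ("https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/static/jquery.js?154974",
     "186.189.231.215"),
    ("https://github.com/silviomoreto/bootstrap-select/blob/master/LICENSE)", "unknown"),
    ("http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL", "unknown"),
]

LNK_MAGIC = "MS Windows shortcut"


def parse_lnk(path, desc):
    """Pull the analyst-relevant fields out of a file(1)-style shortcut
    description. Returns None for rows that are not .lnk files."""
    if not desc.startswith(LNK_MAGIC):
        return None
    times = dict(re.findall(r"\b([cma]time)=([^,]+)", desc))
    length = re.search(r"\blength=(\d+)", desc)
    return {
        "path": path,
        "has_args": "Has command line arguments" in desc,
        "hidden_window": "window=hide" in desc,
        "times": times,
        "length": int(length.group(1)) if length else None,
    }


def lnks_to_review(rows):
    """Shortcuts that both pass arguments and hide their window. Not evidence
    by itself (Chrome app shortcuts look like this), but these are the ones
    whose real target and arguments should be read from the .lnk with a
    dedicated LNK parser."""
    out = []
    for path, desc, _category in rows:
        info = parse_lnk(path, desc)
        if info and info["has_args"] and info["hidden_window"]:
            out.append(info["path"])
    return out


def split_url_string(raw):
    """String-extracted URLs can arrive run together ('...OFLhttp://...') or
    with a trailing ')' from the surrounding text; split and trim them."""
    parts = re.findall(r"https?://.+?(?=https?://|$)", raw)
    return [p.rstrip(")") for p in parts]


def classify_urls(rows):
    """Partition URL rows into hosts the browser actually contacted (an IP was
    resolved) and URL-looking strings that were only extracted from content."""
    contacted, extracted = {}, []
    for url, ip in rows:
        if ip != "unknown":
            contacted.setdefault(urlparse(url).hostname, set()).add(ip)
        else:
            extracted.extend(split_url_string(url))
    return contacted, extracted


if __name__ == "__main__":
    print("shortcuts to review:", lnks_to_review(FILE_ROWS))
    hosts, strings = classify_urls(URL_ROWS)
    print("contacted hosts:", hosts)
    print("string-extracted only:", strings)
```

Run against the full report the contacted-host map collapses to a single host here, which is the first thing to confirm before spending time on the licence and font URLs; the shortcut filter is a prompt to inspect, not a verdict, since every Chrome app shortcut in the table carries arguments and a hidden window.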
Domains

Name | IP | Malicious
---|---|---
ceamse.sixon.com.ar | 186.189.231.215 |
www.google.com | 142.250.181.228 |
fp2e7a.wpc.phicdn.net | 192.229.221.95 |
IPs

IP | Domain | Country | Malicious
---|---|---|---
239.255.255.250 | unknown | Reserved |
142.250.181.228 | www.google.com | United States |
192.168.2.7 | unknown | unknown |
192.168.2.9 | unknown | unknown |
186.189.231.215 | ceamse.sixon.com.ar | Argentina |
192.168.2.5 | unknown | unknown |
DOM / HTML

URL | Malicious
---|---
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/com.ceamseoficinavirtual.usuarioreestablececontrasena?dYGxvk7ZP01PA9Vs/AdNmg== |
https://ceamse.sixon.com.ar/CEAMSE_OFICINA_VIRTUAL_PROD/com.ceamseoficinavirtual.usuarioreestablececontrasena?dYGxvk7ZP01PA9Vs/AdNmg== |