Analysis Report https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new

Overview

General Information

Sample URL:https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new
Analysis ID:383547

Detection

HTMLPhisher
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected HtmlPhish6
Phishing site detected (based on image similarity)
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 5380 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5464 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5380 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\s[1].htm | JoeSecurity_HtmlPhish_6 | Yara detected HtmlPhish_6 | Joe Security |

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    AV Detection:

    Antivirus / Scanner detection for submitted sample
    Source: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new | SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
    Antivirus detection for URL or domain
    Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=dac088a708ae6303fab42af7ef5531da1c58854508a7ef4c78411292b1e75356777ff42b | SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

    Phishing:

    Yara detected HtmlPhish6
    Source: Yara match | File source: 445817.pages.csv, type: HTML
    Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\s[1].htm, type: DROPPED
    Phishing site detected (based on image similarity)
    Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/files/logo.png | Matcher: Found strong image similarity, brand: Microsoft
    Phishing site detected (based on logo template match)
    Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=dac088a708ae6303fab42af7ef5531da1c58854508a7ef4c78411292b1e75356777ff42b | Matcher: Template: microsoft matched
    Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=dac088a708ae6303fab42af7ef5531da1c58854508a7ef4c78411292b1e75356777ff42b | HTTP Parser: Number of links: 0
    Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=dac088a708ae6303fab42af7ef5531da1c58854508a7ef4c78411292b1e75356777ff42b | HTTP Parser: Title: Validation does not match URL
    Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=dac088a708ae6303fab42af7ef5531da1c58854508a7ef4c78411292b1e75356777ff42b | HTTP Parser: No <meta name="author".. found
    Source: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=dac088a708ae6303fab42af7ef5531da1c58854508a7ef4c78411292b1e75356777ff42b | HTTP Parser: No <meta name="copyright".. found
    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
    Source: unknown | HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49701 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49702 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 162.246.16.250:443 -> 192.168.2.7:49719 version: TLS 1.2
    Source: msapplication.xml0.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x99404761,0x01d72c37</date><accdate>0x99404761,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
    Source: msapplication.xml0.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x99404761,0x01d72c37</date><accdate>0x99404761,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
    Source: msapplication.xml5.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9942a99c,0x01d72c37</date><accdate>0x9942a99c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
    Source: msapplication.xml5.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9942a99c,0x01d72c37</date><accdate>0x9942a99c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
    Source: msapplication.xml7.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x99476e5c,0x01d72c37</date><accdate>0x99476e5c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
    Source: msapplication.xml7.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x99476e5c,0x01d72c37</date><accdate>0x9949d0d8,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
    Source: unknown | DNS traffic detected: queries for: atendiendochagas.mundosano.org
    Source: msapplication.xml.1.dr | String found in binary or memory: http://www.amazon.com/
    Source: msapplication.xml1.1.dr | String found in binary or memory: http://www.google.com/
    Source: msapplication.xml2.1.dr | String found in binary or memory: http://www.live.com/
    Source: msapplication.xml3.1.dr | String found in binary or memory: http://www.nytimes.com/
    Source: msapplication.xml4.1.dr | String found in binary or memory: http://www.reddit.com/
    Source: msapplication.xml5.1.dr | String found in binary or memory: http://www.twitter.com/
    Source: msapplication.xml6.1.dr | String found in binary or memory: http://www.wikipedia.com/
    Source: msapplication.xml7.1.dr | String found in binary or memory: http://www.youtube.com/
    Source: new[1].htm.2.dr | String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/
    Source: {C3606EEE-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr | String found in binary or memory: https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998
    Source: css[1].css0.2.dr | String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
    Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
    Source: classification engine | Classification label: mal72.phis.win@3/22@2/1
    Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3606EEC-982A-11EB-90E6-ECF4BB82F7E0}.dat
    Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user~1\AppData\Local\Temp\~DF0C8A3AED52636A93.TMP
    Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
    Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
    Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5380 CREDAT:17410 /prefetch:2
    Source: Window Recorder | Window detected: More than 3 window changes detected

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label | Link
    https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new | 0% | Avira URL Cloud | safe |
    https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new | 100% | SlashNext | Fake Login Page type: Phishing & Social Engineering |

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    Source | Detection | Scanner | Label | Link
    https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=dac088a708ae6303fab42af7ef5531da1c58854508a7ef4c78411292b1e75356777ff42b | 100% | SlashNext | Fake Login Page type: Phishing & Social Engineering |
    https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998 | 0% | Avira URL Cloud | safe |
    http://www.wikipedia.com/ | 0% | URL Reputation | safe |
    https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/ | 0% | Avira URL Cloud | safe |

    Domains and IPs

    Contacted Domains

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    atendiendochagas.mundosano.org | 162.246.16.250 | true | false | | unknown

    Contacted URLs

    Name | Malicious | Antivirus Detection | Reputation
    https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=dac088a708ae6303fab42af7ef5531da1c58854508a7ef4c78411292b1e75356777ff42b | true | SlashNext: Fake Login Page type: Phishing & Social Engineering | unknown

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/?signin=d41d8cd98f00b204e9800998 | {C3606EEE-982A-11EB-90E6-ECF4BB82F7E0}.dat.1.dr | false | Avira URL Cloud: safe | unknown
    http://www.wikipedia.com/ | msapplication.xml6.1.dr | false | URL Reputation: safe | unknown
    http://www.amazon.com/ | msapplication.xml.1.dr | false | | high
    http://www.nytimes.com/ | msapplication.xml3.1.dr | false | | high
    https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/ | new[1].htm.2.dr | false | Avira URL Cloud: safe | unknown
    http://www.live.com/ | msapplication.xml2.1.dr | false | | high
    http://www.reddit.com/ | msapplication.xml4.1.dr | false | | high
    http://www.twitter.com/ | msapplication.xml5.1.dr | false | | high
    http://www.youtube.com/ | msapplication.xml7.1.dr | false | | high

    Contacted IPs

    Public

    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    162.246.16.250 | atendiendochagas.mundosano.org | United States | | 19318 | IS-AS-1US | false

                  General Information

                  Joe Sandbox Version:31.0.0 Emerald
                  Analysis ID:383547
                  Start date:07.04.2021
                  Start time:22:24:10
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 3m 9s
                  Hypervisor based Inspection enabled:false
                  Report type:light
                  Cookbook file name:browseurl.jbs
                  Sample URL:https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new
                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed:17
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal72.phis.win@3/22@2/1
                  Cookbook Comments:
                  • Adjust boot time
                  • Enable AMSI
                  Warnings:
                  • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe
                  • TCP Packets have been reduced to 100
                  • Excluded IPs from analysis (whitelisted): 104.42.151.234, 104.43.193.48, 23.54.113.53, 23.60.220.29, 172.217.168.10, 13.88.21.125, 95.100.144.120, 20.82.210.154, 152.199.19.161, 23.10.249.26, 23.10.249.43, 23.10.249.49, 23.10.249.16
                  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fonts.googleapis.com, fs.microsoft.com, ie9comview.vo.msecnd.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net
                  • VT rate limit hit for: https://atendiendochagas.mundosano.org//kcontrol-inti/continue/new

                  Simulations

                  Behavior and APIs

                  No simulations

                  Joe Sandbox View / Context

                  IPs

                  No context

                  Domains

                  No context

                  ASN

                  No context

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3606EEC-982A-11EB-90E6-ECF4BB82F7E0}.dat
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:Microsoft Word Document
                  Category:dropped
                  Size (bytes):30296
                  Entropy (8bit):1.8550934154288192
                  Encrypted:false
                  SSDEEP:192:rtZyZn2KW5t7mif3AmqmzMHmymBYmMmD1msfzAmzmjX:rDu2Jr76qb3s
                  MD5:DE8E5BFA31693771634DE34C26AEDCC2
                  SHA1:A3EA0A9F30B2A9D87F0213D4445BC1532D843C72
                  SHA-256:2D1181E7AE41B2007798E0C4CDDF1052625ABED89C0ED207B994BEBE9419F3A7
                  SHA-512:10E1740D871014158BE6443230A21D8CF44C23F2C953713D4A08DD43FAB03A40A44D06030523CEC59CFC2C5AD42700DAF4A1088EBD9D2E713D9A886D42A21751
                  Malicious:false
                  Reputation:low
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3606EEE-982A-11EB-90E6-ECF4BB82F7E0}.dat
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:Microsoft Word Document
                  Category:dropped
                  Size (bytes):28992
                  Entropy (8bit):2.006501404335248
                  Encrypted:false
                  SSDEEP:96:rzZUQ86OBSLjB2ZWyMKGyOoRp+WOoRfAtOoRwOoRiOoRfOoR3JK4r:rzZUQ86OkLjB2ZWyMKGiTMK4r
                  MD5:5A40838FCC1C1ED205118F1718317B54
                  SHA1:112E5FC8241AFA4E829A8A945B87314A4ED772F0
                  SHA-256:AC715092E0A48A4C0BFA35D333EE243184B89DD9BD724A7540199F62DC2608CA
                  SHA-512:07558C413CB6BC1E4C88CDABCB60E437618B2701B94A16FB6F562421BD976518FDA6F9C5E2007E3E7DC746BC0A1B076D62142DE84C3758D5E3C103C75A21CB6E
                  Malicious:false
                  Reputation:low
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3606EEF-982A-11EB-90E6-ECF4BB82F7E0}.dat
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:Microsoft Word Document
                  Category:dropped
                  Size (bytes):16984
                  Entropy (8bit):1.5660667465118974
                  Encrypted:false
                  SSDEEP:48:Iw2GcprbGwpaCG4pQuGrapbSI9GQpK2G7HpRoTGIpG:rqZ1Qy6gBSIHAhTsA
                  MD5:68D1743871C58D66B83ECCC6366D31D2
                  SHA1:53A656634D873573EDDCE0132D110F40B510B079
                  SHA-256:B66FA17BA3F7D98FC4EE706C9A6A69CB17F14AC2C1167727E0B3C61E64F2A3EA
                  SHA-512:FAC2E9C2D14AA06F93CA5DD22933B3D1DED5BDF8C1C4F7E91A57CA1E36801CC2488CDB6549596DD6C8A9A4ED148D16D97B10E67475FF9928D15B4B9B8636CB67
                  Malicious:false
                  Reputation:low
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):660
                  Entropy (8bit):5.10039813150491
                  Encrypted:false
                  SSDEEP:12:TMHdNMNxOEBCAnWimI002EtM3MHdNMNxOEBCAnWimI00OYVbkEtMb:2d6NxOcSZHKd6NxOcSZ7xb
                  MD5:7159783FD49F666D917B9B3D1B670CAB
                  SHA1:F14B110853A3F4FA4E4590B719835B2C0E0D509E
                  SHA-256:DD23553C1D042DE026FAD0E786C5737CF6CCD492B6E4D1240887C3C2230C63D7
                  SHA-512:C60470456DCFAC95C2BD956B611D3EA0DEC98CB9EAB79664D70F683D0864FA3E5A36C8A0E0D1BD1347679C69936AA502FD62887B8EDA68A8B1B0272B4AE1AEE6
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9942a99c,0x01d72c37</date><accdate>0x9942a99c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9942a99c,0x01d72c37</date><accdate>0x9942a99c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):657
                  Entropy (8bit):5.1569581672150955
                  Encrypted:false
                  SSDEEP:12:TMHdNMNxe2kEbvbAnWimI002EtM3MHdNMNxe2kEbvV4AnWimI00OYkak6EtMb:2d6Nxr5jESZHKd6Nxr5LVVSZ7Ja7b
                  MD5:E31BA8E817FBB57DB944AAB6CA17CC56
                  SHA1:427A12479D7AFBC207F5F167034CF9BEFD8A6F6E
                  SHA-256:9D8E8E9DC795AE6FF5FD366DBD2DD62E54F0E7CC8875DE1A09C8207255604CF5
                  SHA-512:024A5FCFB114C13083FFD415B6F67BBCE258D7FE32DC78334ACA695F37634289A5B3BD8A644072391CEF18901C20FDD01526A0CC7DD53F5829E2728234DDF271
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x993b8284,0x01d72c37</date><accdate>0x993b8284,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x993b8284,0x01d72c37</date><accdate>0x993de4e9,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):666
                  Entropy (8bit):5.102934179382578
                  Encrypted:false
                  SSDEEP:12:TMHdNMNxvL29AnWimI002EtM3MHdNMNxvL29AnWimI00OYmZEtMb:2d6Nxv3SZHKd6Nxv3SZ7Zb
                  MD5:C2EDCC1FDD3652033D90B2040C793DAB
                  SHA1:B7CA8AF01ABED3B2F99F2272E487E2985C019366
                  SHA-256:23F68CE9A8052959F678B1E672573E28740058EBDA801DEC2DE36ED6CA2224CC
                  SHA-512:DFE18BC0B076BBCF1D9296A31CE538FFCF8F4A7B094FD5F2FE0724F0FF7D7A6C245ECD0D85CBD2757E43A9F5D40C9F4EC1019A0A48D7B3B63E93A5CC707FC4B1
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x99450c0a,0x01d72c37</date><accdate>0x99450c0a,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x99450c0a,0x01d72c37</date><accdate>0x99450c0a,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):651
                  Entropy (8bit):5.139968750737814
                  Encrypted:false
                  SSDEEP:12:TMHdNMNxiZGAnWimI002EtM3MHdNMNxiZGAnWimI00OYd5EtMb:2d6NxmSZHKd6NxmSZ7qjb
                  MD5:52738D1D8965733D37D3A0CBEFE8E1B1
                  SHA1:BC272D16E79CAA0DF9271E3D5CAB95EFC9F7FF69
                  SHA-256:3AD45CD5D69F8FB692510CC89C808F0F6239A24CF5219A204A81A0CB3A365580
                  SHA-512:8ECEEAE6CF1DF1CEEEBEC9E881DD41A6605EE93228E9479014515BFF7D6347B2B1561E727C21D4A14132459264014121C7A0A4AB1D3130369421954DE84C139C
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x99404761,0x01d72c37</date><accdate>0x99404761,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x99404761,0x01d72c37</date><accdate>0x99404761,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                  Category:modified
                  Size (bytes):660
                  Entropy (8bit):5.154851781146405
                  Encrypted:false
                  SSDEEP:12:TMHdNMNxhGwSoRoAnWimI002EtM3MHdNMNxhGwSoTAnWimI00OY8K075EtMb:2d6NxQ0SZHKd6NxQjSZ7RKajb
                  MD5:F44A48C75D35C1D3F920248D554DF54D
                  SHA1:97FD55B983DD17E3C6AAE535A4E14A3CB2812B4C
                  SHA-256:F4B392BD81FF38852708BCC3F07E9DC4D8FAB680366887757D6117EC91DE43F9
                  SHA-512:1C112C0EA4DE6A5490FCFA04E0AF4F739F3F399A02AEF3C5C2DB4A15945A7A52BD907F29574EC215044E7512FABCA10FA16A20A5F308924BA2EF01C9E32E0316
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x99476e5c,0x01d72c37</date><accdate>0x99476e5c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x99476e5c,0x01d72c37</date><accdate>0x9949d0d8,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):657
                  Entropy (8bit):5.103880991190365
                  Encrypted:false
                  SSDEEP:12:TMHdNMNx0nBCAnWimI002EtM3MHdNMNx0nBCAnWimI00OYxEtMb:2d6Nx09SZHKd6Nx09SZ7+b
                  MD5:2EED03FFEE6DDC439450957F74197100
                  SHA1:63694536E30996DA484D87193B66DB6CB9A6BC2B
                  SHA-256:9DBCD871DB6AE369EA6ED38F7D86404A034539EEDFD3888DB58D228CFF27433A
                  SHA-512:30D098792E5973E8B1A3F4117407128602D40834F45DA2B923EE4F9A890AF3A8DEBAB66F4EB72B20B1C9099221C3B14221E4F5584C6560B1B7800E524A232ED2
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x9942a99c,0x01d72c37</date><accdate>0x9942a99c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x9942a99c,0x01d72c37</date><accdate>0x9942a99c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):660
                  Entropy (8bit):5.140496428753249
                  Encrypted:false
                  SSDEEP:12:TMHdNMNxxBCAnWimI002EtM3MHdNMNxxBCAnWimI00OY6Kq5EtMb:2d6NxXSZHKd6NxXSZ7Xb
                  MD5:37D9F354275B04CEA1D6D8E30C5FE4D0
                  SHA1:87B5F08522C8632107E1702856AE3BCA6965930B
                  SHA-256:2DCBB0F2257CF746AADEB99C116884FA332111BF151D900E2B47DD3C88E38655
                  SHA-512:C3605389C11F4E66993EE3CB1EDDBDC3D37D33C0A26B84D9C1A369A75D164492D221D1CD6A321A03C652A09CDBD9E79B6290C99F3BB808BBA86917408FC1BC20
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x9942a99c,0x01d72c37</date><accdate>0x9942a99c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x9942a99c,0x01d72c37</date><accdate>0x9942a99c,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):663
                  Entropy (8bit):5.139221867009438
                  Encrypted:false
                  SSDEEP:12:TMHdNMNxcZGAnWimI002EtM3MHdNMNxcZGAnWimI00OYVEtMb:2d6NxASZHKd6NxASZ7Gb
                  MD5:75BF8AB533CFC2B93CFD1433C032CF8A
                  SHA1:B0DA5A93B7C48D227830A006D1CECDD271F0F0B2
                  SHA-256:EBF203DA7123207BB9E495D2F86C28CE3667A3F1348BADC8B4F8A9C57AD0AE1C
                  SHA-512:9BF654B6F51C2C9CA64FB9DD2270160635C19ED9D8FDA90B559F64F19577594A16EF739C9547D61AB3219BBCC3C0B4E91F095919BB1731C80B011CAD229271B4
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x99404761,0x01d72c37</date><accdate>0x99404761,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x99404761,0x01d72c37</date><accdate>0x99404761,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):657
                  Entropy (8bit):5.125202793229289
                  Encrypted:false
                  SSDEEP:12:TMHdNMNxfnZGAnWimI002EtM3MHdNMNxfnZGAnWimI00OYe5EtMb:2d6NxhSZHKd6NxhSZ7Fjb
                  MD5:BD05CF669BF6BB1F4E4216C3B6D0C652
                  SHA1:C59056EB6E450C0CAD2F159334D0CE968C0117C6
                  SHA-256:D96D6DC3A94EE87C74687C63B793026D2C0D64252B6079ABC4BDF8CA36A0140E
                  SHA-512:C34C5987EC79136EA4534A6C8407E15BC5631F08A1A54A336F37972228D2520C893D6BEEC455C215878424A6C28CEB3B2FB0C922C3EEFA07FABAA42171856F7D
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x99404761,0x01d72c37</date><accdate>0x99404761,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x99404761,0x01d72c37</date><accdate>0x99404761,0x01d72c37</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\css[1].css
                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  File Type:ASCII text, with very long lines, with CRLF line terminators
                  Category:downloaded
                  Size (bytes):15526
                  Entropy (8bit):5.721275823828831
                  Encrypted:false
                  SSDEEP:384:Ox5T7PuUyxgg2Ctjo/kohz2YDDD1fSCRdVI37Sm9:OjT7GDxgg2GE/kohz2YDDD1fS8oh9
                  MD5:63DF83784CADD3A339B776520600C21A
                  SHA1:69BB829612F3E3CB2F521323945C9284A2B0DCDE
                  SHA-256:2EE69AEF3AFB10B368BDE9FEA7E97CC75C030C890E3D2B8DC4AD19D498234DBF
                  SHA-512:FC1C4F31A0817471D1D2CA8ADEA7F3C39B67B0EA688CC58EB4F6C68F5F6558E236B9D3D2D8BA95EE296CFBF3C0197CE54DFECADBCCCE1B7497542FEE291441D5
                  Malicious:false
                  Reputation:low
                  IE Cache URL:https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/files/css.css
                  Preview: html {...line-height: 1.15;...-ms-text-size-adjust: 100%;...-webkit-text-size-adjust: 100%..}..body {...height: 100%;...margin: 0..}..article, aside, footer, header, nav, section {...display: block..}..h1 {...font-size: 2em;...margin: .67em 0..}..figcaption, figure, main {...display: block..}..figure {...margin: 1em 40px..}..hr {...box-sizing: content-box;...height: 0;...overflow: visible..}..pre {...font-family: monospace, monospace;...font-size: 1em..}..a {...background-color: transparent;...-webkit-text-decoration-skip: objects..}..abbr[title] {...border-bottom: none;...text-decoration: underline;...text-decoration: underline dotted..}..b, strong {...font-weight: inherit..}..b, strong {...font-weight: bolder..}..code, kbd, samp {...font-family: monospace, monospace;...font-size: 1em..}..dfn {...font-style: italic..}..mark {...background-color: #ff0;...color: #000..}..small {...font-size: 80%..}..sub, sup {...font-size: 75%;...line-height: 0;...position: relative;...vertical-align: b
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\logo[1].png
                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  File Type:PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
                  Category:downloaded
                  Size (bytes):3331
                  Entropy (8bit):7.927896166439245
                  Encrypted:false
                  SSDEEP:96:zHjOKn3csE3x5liVsCo4GcPIZpV6x5cge8oo9:zDOK3zE3x5TCwcP4LQNeq
                  MD5:EF884BDEDEF280DF97A4C5604058D8DB
                  SHA1:6F04244B51AD2409659E267D308B97E09CE9062B
                  SHA-256:825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
                  SHA-512:A083381C53070B65B3B8A7A7293D5D2674D2F6EC69C0E19748823D3FDD6F527E8D3D31D311CCEF8E26FC531770F101CDAF95F23ECC990DB405B5EF48B0C91BA2
                  Malicious:false
                  Reputation:low
                  IE Cache URL:https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/files/logo.png
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\s[1].htm
                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):17394
                  Entropy (8bit):3.324079896074607
                  Encrypted:false
                  SSDEEP:384:rKp84GZw7WZ1v5jBi1FnJICqWqjbTSIHaTPqsHkEiroLOweZnZq5fy6CJP:r+WfhjDUS
                  MD5:474A9980C4D204E7D4B593832B226BEA
                  SHA1:DBDB72D920A55C1AB76FDA122271C9986C8F9389
                  SHA-256:163589FCFF3F5D67836D8DF3EC13D11E561E93C25B9679D3BA92B98F9D34EABF
                  SHA-512:DFC58C88418F96A98009D0FF7BF626C5679A20BD63B0FE20C7B792D6EB95CD26C3206978DAB6DE70DA6CDDEAA612663C3972BAB5930DC84ADF1820F407A5EB14
                  Malicious:true
                  Yara Hits:
                  • Rule: JoeSecurity_HtmlPhish_6, Description: Yara detected HtmlPhish_6, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\s[1].htm, Author: Joe Security
                  Reputation:low
                  Preview: ..<script type="text/javascript">....document.write(unescape('%3c%6d%65%74%61%20%63%68%61%72%73%65%74%3d%22%55%54%46%2d%38%22%20%6e%61%6d%65%3d%22%76%69%65%77%70%6f%72%74%22%20%63%6f%6e%74%65%6e%74%3d%22%77%69%64%74%68%3d%64%65%76%69%63%65%2d%77%69%64%74%68%2c%20%69%6e%69%74%69%61%6c%2d%73%63%61%6c%65%3d%31%2e%30%2c%20%6d%61%78%69%6d%75%6d%2d%73%63%61%6c%65%3d%31%2e%30%2c%20%6d%69%6e%69%6d%75%6d%2d%73%63%61%6c%65%3d%31%2e%30%2c%20%75%73%65%72%2d%73%63%61%6c%61%62%6c%65%3d%6e%6f%22%3e%0d%0a%09%3c%74%69%74%6c%65%3e%56%61%6c%69%64%61%74%69%6f%6e%3c%2f%74%69%74%6c%65%3e%0d%0a%09%3c%6c%69%6e%6b%20%72%65%6c%3d%22%73%74%79%6c%65%73%68%65%65%74%20%70%72%65%66%65%74%63%68%22%20%68%72%65%66%3d%22%68%74%74%70%73%3a%2f%2f%66%6f%6e%74%73%2e%67%6f%6f%67%6c%65%61%70%69%73%2e%63%6f%6d%2f%63%73%73%3f%66%61%6d%69%6c%79%3d%4f%70%65%6e%2b%53%61%6e%73%3a%36%30%30%22%3e%0d%0a%09%3c%6c%69%6e%6b%20%72%65%6c%3d%22%73%74%79%6c%65%73%68%65%65%74%22%20%68%72%65%66%3d%22%2e%2f%66%69%6c%65%73%2f%63%73%73%2e%63%73%7
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\css[1].css
                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  File Type:ASCII text
                  Category:downloaded
                  Size (bytes):188
                  Entropy (8bit):5.119072399147113
                  Encrypted:false
                  SSDEEP:3:0SYWFFWlIYCiF15RI5XwDKLRIHDfFTo/TfqzrZqcdJ2dTi8EuRlGlL+9JYARNin:0IFFm15+56ZTo/Tizlpd0celdJNin
                  MD5:4CFC4658F748E1FC67D2EA27F9B3692F
                  SHA1:82C520D112F48E337E99DF00067BFAA75D0F9CA2
                  SHA-256:ABC5A61E85F95E54C925FE9589099AD680912480E7C97052AF0496CBC6D111B8
                  SHA-512:BFDDD6D4E0225EF444FD621B2CC20D022C02E30AB3E8AACA197E8F6304AA95E8C253815C6DC329646E5F39BBAF0B953A0667B296D15AB6BCECE788D1BFDC614B
                  Malicious:false
                  Reputation:low
                  IE Cache URL:https://fonts.googleapis.com/css?family=Open+Sans:600
                  Preview: @font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 600;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff) format('woff');.}.
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\new[1].htm
                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  File Type:HTML document, ASCII text
                  Category:dropped
                  Size (bytes):274
                  Entropy (8bit):5.103985734252342
                  Encrypted:false
                  SSDEEP:6:pn0+Dy9xwol6hEr6VX16hu9nPhoA2Lc+Q6Q+KqD:J0+ox0RJWWPh5ET
                  MD5:0E241B8D33B2AE011B112941747BA154
                  SHA1:1F027D10066871A789A960053D74B17B81843920
                  SHA-256:2F3D726E8D6811D028A298E3BF49D01FBC0D12AD6D91993EE16CA5BDEC111295
                  SHA-512:011C5578E3BEA4EBF8DE11F141F0044AEB7AF3608DB15B1545C4EF23A3B5B8187D7888978C76C87B48D1ED44DF28203D37395617F075254B8CE67D6D1EC7A9C8
                  Malicious:false
                  Reputation:low
                  Preview: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/">here</a>.</p>.</body></html>.
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\pdf[1].png
                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                  Category:downloaded
                  Size (bytes):6830
                  Entropy (8bit):7.849424154989951
                  Encrypted:false
                  SSDEEP:192:n6ND9AxRGozwHD0Ksf+GQUAU6Z0WoYGoKUcsgYRU:6xWRXwHmtfYGLUYIU
                  MD5:F1E3F187F7C23FA8D1555004F3800356
                  SHA1:E71E52A142E754399AE39EF38584789B66E9EA00
                  SHA-256:DB307FCEF7F95139689007D7A623B340EC21282BD421C4E4B2BA09078F230545
                  SHA-512:BD568B1C92D7C3B586E2EA7E9C47B08FD1171FF6615FA4F670F12950DC62315B58E6BB5336F50B111FF42B27558398DFF9715054A8E44F0A8B9CD1541F0BC07D
                  Malicious:false
                  Reputation:low
                  IE Cache URL:https://atendiendochagas.mundosano.org/kcontrol-inti/continue/new/s/files/pdf.png
                  C:\Users\user\AppData\Local\Temp\datADBF.tmp
                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  File Type:Web Open Font Format, TrueType, length 2532, version 2.24904
                  Category:dropped
                  Size (bytes):2532
                  Entropy (8bit):7.627755614174705
                  Encrypted:false
                  SSDEEP:48:WGMiY6elIk7QuaqrjRh4pi6j4fN6+XRsnBBpr+bes:WRBLlIoQuHfRh4pi6sfPGnDFs
                  MD5:10600F6B3D9C9BE2D2B2CE58D2C6508B
                  SHA1:421CA4369738433E33348785FE776A0C839605D5
                  SHA-256:29B7A9358ABDC68C51DB5A5AF4A4F4E2E041A67527ADEE2366B1F84F116FE9A5
                  SHA-512:B6C04F3068EB7DAC8F782BDED0FE815B4FE5A9BECCF0B561D6CEAEAA7365919A39710B2D1AD58D252330476AA836629B3C62C84FABFA6DC4BCF1C8F055D66C1C
                  Malicious:false
                  Reputation:low
                  C:\Users\user\AppData\Local\Temp\~DF0C8A3AED52636A93.TMP
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):13029
                  Entropy (8bit):0.479485450420285
                  Encrypted:false
                  SSDEEP:24:c9lLh9lLh9lIn9lIn9loZM9loZc9lWZBbrombrCxCTtrmtr1:kBqoIJf5Kx
                  MD5:5C0AC0636250073CE93D9DD787D58D00
                  SHA1:A7CA31F2BD2B48D5E49CBF969E3B59C9EE17F850
                  SHA-256:396A9E268D9B27823597EC611B129B01462A815336F1CABE4B715AD07F264E96
                  SHA-512:3115B289B76F148B9A012A1B9B809F3C3341CF73CA1DB638BD271D70D55B81E0E9C5BDEC5AAB2A51F663C3DC8A887D438501A9EBBE43428587DEC0EF5ED9E745
                  Malicious:false
                  Reputation:low
                  C:\Users\user\AppData\Local\Temp\~DF84AE2014754A9AC1.TMP
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):36945
                  Entropy (8bit):0.6975538010708361
                  Encrypted:false
                  SSDEEP:96:kBqoxKAuvScS+Ks2/s2yOoR2OoRfAtOoRwOoRiOoRfOoR3J:kBqoxKAuqR+Ks2/s2nM
                  MD5:74EFD3E9D2C6FE4B058DC72E76896418
                  SHA1:F68BA38663D6181285AF24C71275D117817F3D5C
                  SHA-256:488BA42393D6DA61E5FE32BDA072FA1F898763F0F58146FDB8B0B7562CDE4CDA
                  SHA-512:BCCC6BFA234E2DC26EF9C69D4E89393E41FD7370FD9D709E5BEB8D74DA6C447F066CE04B8C8039F7FB0A1E391A7DAEE8758F58B596F4A2C3DF92EE1B1A0057CD
                  Malicious:false
                  Reputation:low
                  C:\Users\user\AppData\Local\Temp\~DFC00841A423CB62E8.TMP
                  Process:C:\Program Files\internet explorer\iexplore.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):25441
                  Entropy (8bit):0.28823281702123504
                  Encrypted:false
                  SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laALy:kBqoxxJhHWSVSEabL
                  MD5:092D7E610A7D2444D86C2A03D1A6BE1F
                  SHA1:ABA23AFB83C08D3E9EDCC9D96B647D1DA79E7147
                  SHA-256:6189650B5A12FD42AB6F092BAA8186F865F5FA3834262CA09D85479C0AE797DD
                  SHA-512:538B23B34902C462A2186539954C64F6976B750E92C6921261EF4CB0C4D3E95C4B2D6BC577939F77B8CCEA89CC48365B9BB3EA5E0C71D92CFD12859C6210927B
                  Malicious:false
                  Reputation:low

                  Static File Info

                  No static file info

                  Network Behavior

                  Network Port Distribution

                  TCP Packets

                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Apr 7, 2021 22:25:03.665791035 CEST49702443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.665842056 CEST44349702162.246.16.250192.168.2.7
                  Apr 7, 2021 22:25:03.665851116 CEST49702443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.665898085 CEST44349702162.246.16.250192.168.2.7
                  Apr 7, 2021 22:25:03.665905952 CEST49702443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.665957928 CEST49702443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.665960073 CEST44349702162.246.16.250192.168.2.7
                  Apr 7, 2021 22:25:03.666011095 CEST44349702162.246.16.250192.168.2.7
                  Apr 7, 2021 22:25:03.666021109 CEST49702443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.666069031 CEST44349701162.246.16.250192.168.2.7
                  Apr 7, 2021 22:25:03.666069031 CEST49702443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.666117907 CEST44349701162.246.16.250192.168.2.7
                  Apr 7, 2021 22:25:03.666131020 CEST49701443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.666153908 CEST44349701162.246.16.250192.168.2.7
                  Apr 7, 2021 22:25:03.666168928 CEST49701443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.666182041 CEST44349704162.246.16.250192.168.2.7
                  Apr 7, 2021 22:25:03.666203022 CEST49701443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.666254044 CEST49704443192.168.2.7162.246.16.250
                  Apr 7, 2021 22:25:03.670964956 CEST49704443192.168.2.7162.246.16.250

                  UDP Packets


                  DNS Queries

                  | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
                  | Apr 7, 2021 22:25:02.778403044 CEST | 192.168.2.7 | 8.8.8.8 | 0x400b | Standard query (0) | atendiendochagas.mundosano.org | A (IP address) | IN (0x0001) |
                  | Apr 7, 2021 22:25:19.575822115 CEST | 192.168.2.7 | 8.8.8.8 | 0x11b7 | Standard query (0) | atendiendochagas.mundosano.org | A (IP address) | IN (0x0001) |

                  DNS Answers

                  | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
                  | Apr 7, 2021 22:25:02.793426037 CEST | 8.8.8.8 | 192.168.2.7 | 0x400b | No error (0) | atendiendochagas.mundosano.org | | 162.246.16.250 | A (IP address) | IN (0x0001) |
                  | Apr 7, 2021 22:25:19.593240976 CEST | 8.8.8.8 | 192.168.2.7 | 0x11b7 | No error (0) | atendiendochagas.mundosano.org | | 162.246.16.250 | A (IP address) | IN (0x0001) |

                  HTTPS Packets

                  | Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
                  | Apr 7, 2021 22:25:03.000622034 CEST | 162.246.16.250 | 443 | 192.168.2.7 | 49701 | CN=atendiendochagas.mundosano.org | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US | Sun Mar 21 01:00:00 CET 2021 | Sun Jun 20 01:59:59 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
                  | | | | | | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Mon May 18 02:00:00 CEST 2015 | Sun May 18 01:59:59 CEST 2025 | | |
                  | | | | | | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Thu Jan 01 01:00:00 CET 2004 | Mon Jan 01 00:59:59 CET 2029 | | |
                  | Apr 7, 2021 22:25:03.001461029 CEST | 162.246.16.250 | 443 | 192.168.2.7 | 49702 | CN=atendiendochagas.mundosano.org | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US | Sun Mar 21 01:00:00 CET 2021 | Sun Jun 20 01:59:59 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
                  | | | | | | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Mon May 18 02:00:00 CEST 2015 | Sun May 18 01:59:59 CEST 2025 | | |
                  | | | | | | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Thu Jan 01 01:00:00 CET 2004 | Mon Jan 01 00:59:59 CET 2029 | | |
                  | Apr 7, 2021 22:25:19.800096035 CEST | 162.246.16.250 | 443 | 192.168.2.7 | 49719 | CN=atendiendochagas.mundosano.org | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US | Sun Mar 21 01:00:00 CET 2021 | Sun Jun 20 01:59:59 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
                  | | | | | | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Mon May 18 02:00:00 CEST 2015 | Sun May 18 01:59:59 CEST 2025 | | |
                  | | | | | | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Thu Jan 01 01:00:00 CET 2004 | Mon Jan 01 00:59:59 CET 2029 | | |

                  Code Manipulations

                  Statistics

                  Behavior


                  System Behavior

                  General

                  Start time: 22:25:00
                  Start date: 07/04/2021
                  Path: C:\Program Files\internet explorer\iexplore.exe
                  Wow64 process (32bit): false
                  Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                  Imagebase: 0x7ff7cd130000
                  File size: 823560 bytes
                  MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low

                  General

                  Start time: 22:25:01
                  Start date: 07/04/2021
                  Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  Wow64 process (32bit): true
                  Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5380 CREDAT:17410 /prefetch:2
                  Imagebase: 0x870000
                  File size: 822536 bytes
                  MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low

                  Disassembly
