Windows Analysis Report
https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=

Overview

General Information

Sample URL:	https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=
Analysis ID:	626007

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Yara detected Captcha Phish

Phishing site detected (based on image similarity)

HTML body contains low number of good links

Invalid T&C link found

Suspicious form URL found

No HTML title found

Classification

Signatures

Phishing

Phishing site detected (based on favicon image match)

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 67398.3.pages.csv, type: HTML

Yara detected Captcha Phish

Source: Yara match

File source: 04956.1.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F

HTML body contains low number of good links

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: Number of links: 0
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: Number of links: 0

Invalid T&C link found

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: Invalid link: Terms of use
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: Invalid link: Privacy & cookies
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: Invalid link: Terms of use
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: Invalid link: Privacy & cookies

Suspicious form URL found

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: Form action: action.php
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: Form action: action.php

No HTML title found

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: HTML title missing
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: HTML title missing

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: No <meta name="author".. found
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: No <meta name="author".. found

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: No <meta name="copyright".. found
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:56397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:56396 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 9MB

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 54070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56755
Source: unknown	Network traffic detected: HTTP traffic on port 55137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57093
Source: unknown	Network traffic detected: HTTP traffic on port 63116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64458
Source: unknown	Network traffic detected: HTTP traffic on port 52352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52607
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56400
Source: unknown	Network traffic detected: HTTP traffic on port 63164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61637
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54070
Source: unknown	Network traffic detected: HTTP traffic on port 64458 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61637 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58642
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57394
Source: unknown	Network traffic detected: HTTP traffic on port 54566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61244
Source: unknown	Network traffic detected: HTTP traffic on port 53286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53119
Source: unknown	Network traffic detected: HTTP traffic on port 61244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64562 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54566
Source: unknown	Network traffic detected: HTTP traffic on port 57387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56397
Source: unknown	Network traffic detected: HTTP traffic on port 60860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53286
Source: unknown	Network traffic detected: HTTP traffic on port 56396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58642 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64562
Source: unknown	Network traffic detected: HTTP traffic on port 53119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63116

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: unknown	TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: unknown	TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: unknown	TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: unknown	TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: unknown	TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: unknown	TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown	TCP traffic detected without corresponding DNS query: 104.17.24.14

Source: unknown	HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:56397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:56396 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Temp\3ecff3c8-ba34-4dea-b8a0-895d33f6caea.tmp

Source: classification engine

Classification label: mal68.phis.win@26/78@5/211

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,8602215867310856610,17025399359111384958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,8602215867310856610,17025399359111384958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-627EBCB4-628.pma

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.99	unknown	United States	15169	GOOGLEUS	false
142.250.203.106	unknown	United States	15169	GOOGLEUS	false
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.10.207	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.215.227	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
142.250.203.100	www.google.com	United States	15169	GOOGLEUS	false
142.250.203.110	unknown	United States	15169	GOOGLEUS	false
142.250.185.238	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
142.250.186.109	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
65.9.63.90	unknown	United States	16509	AMAZON-02US	false
142.251.36.99	unknown	United States	15169	GOOGLEUS	false
190.8.176.18	w2globaldata.cabildodeagayu.com	Colombia	52335	ColombiaHostingCO	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
74.125.162.166	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
stackpath.bootstrapcdn.com	104.18.11.207	true
gstaticadssl.l.google.com	216.58.215.227	true
accounts.google.com	142.250.186.109	true
www.google.com	142.250.203.100	true
clients.l.google.com	142.250.185.238	true
w2globaldata.cabildodeagayu.com	190.8.176.18	true
clients2.google.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/recaptcha/api2/bframe?hl=en&v=0aeEuuJmrVqDrEL39Fsg5-UJ&k=6LcJNLsfAAAAAFLIycbaJnhsCkE1TOU4w9VVo21f	false	high
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcJNLsfAAAAAFLIycbaJnhsCkE1TOU4w9VVo21f&co=aHR0cHM6Ly93Mmdsb2JhbGRhdGEuY2FiaWxkb2RlYWdheXUuY29tOjQ0Mw..&hl=en&v=0aeEuuJmrVqDrEL39Fsg5-UJ&size=normal&cb=qvdjcd90eylf	false	high
https://w2globaldata.cabildodeagayu.com/1/main/	true	unknown
https://w2globaldata.cabildodeagayu.com/1/main/main.php	true	unknown

ID:	626007
Product:	CloudBasic
Start time:	13:16:19
Start date:	13.05.2022
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\2cad7255-ef11-4d17-a149-cb7cbc0da973.tmp	data	D43E217D38B30517C241DD35AAB238EA	3DEFD7A63BD161EC1604CD43DFA4876956034677	5DCBDB55F51B3D8119DB6DF2CCB363C8FF1FB342F111FB0ADAB34B3FD14BE434
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\4848847f-91c1-4e53-b8ed-35fa07f882ed.tmp	ASCII text, with very long lines, with no line terminators	85532D87604E7FFD74F76B888FCF35CD	912D9A09CCB746FE44AB4E4DEED493BBA4A86694	56FDAD52DEB4F11AD82FBE49D8505DAA925E661A95F5E285ABDE6154EA3C26C4
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\530b95db-01aa-4bf9-8717-dc92f8cdbc21.tmp	ASCII text, with very long lines, with no line terminators	A38124142048B310823921E6072907B6	B1B108004DF6A6F483579FB01DB97ED1FF933425	0823BAE94060DED0E622769B8A7EC1C415C0F8D9D0F08CF4C9368305A034E892
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	FA7200D6F80CD1757911C45559E59C0E	89C6E99BAEC4EBB3E9A97B928FB473D1498EBA88	D9779EA4D6DD544A23C2A1C53146B6A4E596927F47DFA0680B0A7EE751D43BB2
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\0ca448c9-78d2-460b-9c92-ce1cc512665a.tmp	ASCII text, with very long lines, with no line terminators	5AD290258A8015BB03E9BFEAE5228FD5	83070FC58E2C3E23BEC5B744EBF056641B0C84BC	57A0D2D8EF4AD065A53F7DA9E5F9F2979DFC35D698A981714F0F5C6785877F1B
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\32a9dd66-c894-44c4-8624-a3edad10457a.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	D0F5B1BB535D668B66C22F812F9053F5	C69FB20CA5114D24C93D7CF62636CAF85F0801D6	2AD56F0D2A75B3AE503ECA4318F56C70AE4772E8A5F732FA7258D192D09A67FC
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\6e77c6dd-2af4-4f57-a3d0-7721bcc1bc78.tmp	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\75ec2c7c-8ea3-4d99-a90d-20e797765180.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\7892608a-3318-4060-8b5f-327240587eb5.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	CF0CA8828E330DA1BE47E15BE82EB0BE	C21CD5B9D29AF64ABB61FAF035595BE09433A847	50E49CC4DE51599FE63CEFCD760AF95E68834C9D5D2C3E542F41D24AC68B4BF4
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\81525b54-71fd-427a-9ba9-bf7057bb00ae.tmp	ASCII text, with very long lines, with no line terminators	CAB8BEABE7E66A4015C98A3C77B3698B	C960AAAEA7014E105290C7D0F09BFCA837C8E8CC	75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\81fbe44b-d8ee-4aae-9bdd-6ae85132d5bb.tmp	ASCII text, with very long lines, with no line terminators	97220FDFBA04044D6A15DB4DAC8698E8	065BDBD3BA2F61AC2E4376DC8A37FF033C8863BC	D5E528FE6CAD50AF7A8452EC7FCC86618E7AEDBFDD97DDCFB3E307E5882DA132
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\85412a21-56a5-45f0-bad0-80e2c58194b2.tmp	ASCII text, with very long lines, with no line terminators	0F962A195AD8EE0F118BBD1E5AEB7F3E	0C863C1943DC1A19DC7FF48B37FE93F2B8A20FB2	45C6B6284612483C61F5CE9CC3C15AA8E55B158E2FA201760592AB54F2570D90
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	1A9F23698EC98918476AAC655308C41A	A64588529AF9B2BCDD78A556C72A408790CEF23A	11AA07A5D1491E081B31019A2B99655053FA2F8351854DF1C0BB7CB956782348
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	5AD290258A8015BB03E9BFEAE5228FD5	83070FC58E2C3E23BEC5B744EBF056641B0C84BC	57A0D2D8EF4AD065A53F7DA9E5F9F2979DFC35D698A981714F0F5C6785877F1B
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	CF0CA8828E330DA1BE47E15BE82EB0BE	C21CD5B9D29AF64ABB61FAF035595BE09433A847	50E49CC4DE51599FE63CEFCD760AF95E68834C9D5D2C3E542F41D24AC68B4BF4
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\c580ce7c-653a-4d64-99a8-1fc899809a61.tmp	ASCII text, with no line terminators	038931FF72A0C6AA0695A404960B1B22	90802F36B75C3CA70FC8CD1CF8BDFBAE0E8723A4	BEF93811AE263E2E9145A44205340015843B1D4485D084BB642EAEB500FE564C
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\aa124b56-4f78-4ba5-94fa-b0cfa0122b79.tmp	ASCII text, with very long lines, with no line terminators	B9C9FA52F410F961C9E2C5C9A60FE430	FE9AF36F2C916070D5F26E575EC0119567DE87A0	90BC3A5A6719CE2FAEEDAD2CF52A87E5939FFB0AEFC21909BA013878CFBDE0ED
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\b9c35b92-094a-442c-af34-b108b9a8340b.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	2DC7AF0DD852726CDF7BA0AAAEB59694	C80579155CBBC4B8F6849A26D4341BEC82FC97AF	8EA2B6AF36C9BE136DF149781AD1E5DE7B28D47AC0FAF7AAA4130714583FA943
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\e9e2db75-66d5-4f7e-a7bd-c324c0c86402.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	503A210E9D5185E0D6C9D81D037B6033	AF2DEF9BFB8E5EACB2EDD5EF3E6A612D44D236F1	E27B929B3FDAA219A7A489E11F7A5C258E073137F8CCF7AC3F88A352860D8743
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	3A0E5D4F452CF99191634D0FFAB744A0	F115BBB898EEFF640D8D19AD44A86C3FCDFFC0AD	B9D528D3AE283039F4700C7E4E790744C58A26353A91B536DD91CBA4F648A35F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	A38124142048B310823921E6072907B6	B1B108004DF6A6F483579FB01DB97ED1FF933425	0823BAE94060DED0E622769B8A7EC1C415C0F8D9D0F08CF4C9368305A034E892
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\e05789a2-3daf-4062-8dac-1827dbc15ed4.tmp	ASCII text, with very long lines, with no line terminators	465BD48390724C2AA3A188D8A6F2B3FC	C581267ACFB7E2A277EA5711CF710A6F260BF0BD	8DD1ABD02E6CD4A10CEC5AC71099B2315A4E27BF0800399E3D09475552BA7581
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\e67b92c7-a15c-44d6-bb1e-e59cd8228137.tmp	ASCII text, with very long lines, with no line terminators	6BB7B13B34F6D66910087AF9B6656C73	985EDE9D77CFD4F58F8ACF6D8BD2D288AEEF37D1	E0A32C3EA4746CC6426AF92B4CCAD0E5A65633BA8BEF0FADA563B78E5354BC37
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\fcc5d586-ccf0-4bc2-a2a6-ae982dfcd8a7.tmp	ASCII text, with very long lines, with no line terminators	0810A8AB0145A8547EEFD26801979C93	713BB02CC2B8C07A4027E837026C1C96DD35A524	D0C126D37B3FB40B28468BED61107EE86849E69BE5D1FA19D046BEC73B67EBEB
C:\Users\alfredo\AppData\Local\Temp\1576_1134994523\manifest.json	ASCII text	4AAA0ED8099ECC1DA778A9BC39393808	0E4A733A5AF337F101CFA6BEA5EBC153380F7B05	20B91160E2611D3159AD82857323FEBC906457756678AB73F305C3A1E399D18D
C:\Users\alfredo\AppData\Local\Temp\1576_1134994523\ssl_error_assistant.pb	data	E2F792C9E2DD86F39E8286B2EAD2FC70	8A32867614D2A23E473ED642056DED8E566687F9	AC354A4723AAA4F06BEC385DDDE4A4D0983AD51456F52B31A8068EC97D5B5EA7
C:\Users\alfredo\AppData\Local\Temp\25eb09e9-2886-4de2-8bde-0f87c16edbb5.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)	7F0FCE2F184F63FED8E9929FB106C282	0582EB5BFC7FCCCC1C77A860F00E351E61F5DC67	7C33F333216849E50AFC9550DA7DA4450D221B837340716ACCEE3766FFD4A62B
C:\Users\alfredo\AppData\Local\Temp\3ecff3c8-ba34-4dea-b8a0-895d33f6caea.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)	9265F02CE35EA625F3F668EC99FD4C85	55EADB7E1B4757FFE05DA3C308EC043A9AB36EB2	AFF12D4224C21AF5F3E8F3003FCA97A9E45E522E5B6CDCCB05E7CA99702F2D15
C:\Users\alfredo\AppData\Local\Temp\72e92281-8389-40f8-970f-816258898005.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)	173CA02E5B06065771DEB2F28E4E5A9E	20F1774FB280C94C13082A255C27D7A786EFD5C7	634557AE2916F2FAA0CBF2557F8F96E26845ABE94D2784FD73B169EC5618B186
C:\Users\alfredo\AppData\Local\Temp\b8a22276-17a0-4de0-b7ae-e846d4c03999.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\alfredo\AppData\Local\Temp\scoped_dir1576_1677723441\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic	Little-endian UTF-16 Unicode text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

Windows Analysis Report
https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=