Edit tour

Windows Analysis Report
https://cividalepaolo.com/

Overview

General Information

Sample URL:	https://cividalepaolo.com/
Analysis ID:	1430217

Detection

HtmlDropper, HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Html Dropper

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Invalid 'sign-in options' or 'sign-up' link found

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 4360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cividalepaolo.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1960,i,16208424059208573599,12733978456342960569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
2.5.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.8.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.5.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.5.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.9.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.8.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
Click to see the 6 entries

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 3.9.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad5106662770812a32bLOG271af8f3d119ef179555782afdad5106662770812a32c	Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad5106662770812a32bLOG271af8f3d119ef179555782afdad5106662770812a32c	HTTP Parser: Number of links: 0
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: Number of links: 0

Source: https://cividalepaolo.com/

HTTP Parser: Base64 decoded: https://cividalepaolo.com/

Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad5106662770812a32bLOG271af8f3d119ef179555782afdad5106662770812a32c	HTTP Parser: Title: 8329c6aeb7ba550d829825cd13ac8d12662770812a305 does not match URL
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: Title: 8329c6aeb7ba550d829825cd13ac8d12662770812a305 does not match URL

Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a

HTTP Parser: Invalid link: FCoCrCgCoCtC CmCyC CpCaCsCsCwCoCrCd

Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad5106662770812a32bLOG271af8f3d119ef179555782afdad5106662770812a32c

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a

HTTP Parser: <input type="password" .../> found

Source: https://cividalepaolo.com/	HTTP Parser: No favicon
Source: https://cividalepaolo.com/	HTTP Parser: No favicon
Source: https://cividalepaolo.com/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/kl4rm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad5106662770812a32bLOG271af8f3d119ef179555782afdad5106662770812a32c	HTTP Parser: No favicon
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No favicon
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No favicon
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No favicon
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No favicon

Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad5106662770812a32bLOG271af8f3d119ef179555782afdad5106662770812a32c	HTTP Parser: No <meta name="author".. found
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No <meta name="author".. found
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No <meta name="author".. found
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No <meta name="author".. found

Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad5106662770812a32bLOG271af8f3d119ef179555782afdad5106662770812a32c	HTTP Parser: No <meta name="copyright".. found
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No <meta name="copyright".. found
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No <meta name="copyright".. found
Source: https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49788 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.214.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: unknown

DNS traffic detected: queries for: cividalepaolo.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49788 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.troj.win@21/24@20/132

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cividalepaolo.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1960,i,16208424059208573599,12733978456342960569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1960,i,16208424059208573599,12733978456342960569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://cividalepaolo.com/	0%	Virustotal		Browse
https://cividalepaolo.com/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cividalepaolo.com	104.21.47.156	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
challenges.cloudflare.com	104.17.3.184	true	false	high
www.google.com	108.177.122.105	true	false	high
unpkg.com	104.17.246.203	true	false	high

Contacted URLs

Name	Malicious	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/kl4rm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	false	high
https://cividalepaolo.com/271af8f3d119ef179555782afdad51066627709059886PAS271af8f3d119ef179555782afdad5106662770905988a	true	unknown
https://cividalepaolo.com/271af8f3d119ef179555782afdad5106662770812a32bLOG271af8f3d119ef179555782afdad5106662770812a32c	true	unknown
https://cividalepaolo.com/	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.246.203	unpkg.com	United States	13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.21.47.156	cividalepaolo.com	United States	13335	CLOUDFLARENETUS	false
142.250.105.102	unknown	United States	15169	GOOGLEUS	false
142.250.105.101	unknown	United States	15169	GOOGLEUS	false
104.17.3.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.15.94	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
108.177.122.95	unknown	United States	15169	GOOGLEUS	false
108.177.122.105	www.google.com	United States	15169	GOOGLEUS	false
74.125.138.94	unknown	United States	15169	GOOGLEUS	false
172.217.215.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430217
Start date and time:	2024-04-23 10:24:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://cividalepaolo.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.troj.win@21/24@20/132

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.138.94, 142.250.105.102, 142.250.105.138, 142.250.105.100, 142.250.105.139, 142.250.105.101, 142.250.105.113, 172.217.215.84, 34.104.35.123
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 07:25:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9844243152655703
Encrypted:	false
SSDEEP:
MD5:	454B2D2172ABF3B87507CAA5F9E1DECA
SHA1:	72A2832127D7AEFDBA3D8861335D84FAA2934B39
SHA-256:	5A82190CA60DBE461F07CD084D581ECADDEE4ECBED66355CE8EC8C9B74788985
SHA-512:	A014E656AA41F2F0553C44E7C1F123CF63DE1A202837EEE4696AAB9DCEB129BA6718EA5C16E10BA8D8C55F5E1142142936C47738DEEB3B0470C621ED4C270DB5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X/C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 07:25:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0008907672750285
Encrypted:	false
SSDEEP:
MD5:	F7C78A54FEBC0378FE074936B5A32158
SHA1:	4852581746024F99589385710BE1F281AD1A6708
SHA-256:	E5FBF6F6FE4CF7A61F034CF422593B304A8A570DDD995391065809D10CC6560D
SHA-512:	2DFBDE2425978CEED27751778D2F07254EF77DF911D90ED0FBCAB62867FADF3E617D3A6A47A20BBC176B6DADF6C71E30609F97FBA363EA74FE24CAA302874702
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X/C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006661565162226
Encrypted:	false
SSDEEP:
MD5:	6C5F46484BDA0424F64B74AEA1F67ABA
SHA1:	316CBDF7F6BDED5A7AC41B42695CC2BC11BBD391
SHA-256:	8AC22D64FECE3200CE5135FEA9D2AE343FC9E1665931CFD2A7E29E86B9B8F201
SHA-512:	C9B1620595D5A7A52741EF88387EC1E0CB80F9D6042211CE699E3562EC9D4BD54278A78B070683101107F057BA6B158D9110D62BCDAACBE5AC6B69E85124F84B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 07:25:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9965843113022013
Encrypted:	false
SSDEEP:
MD5:	838EAC9B7E537FE27837756ECC223772
SHA1:	68A64F47272773466C18A80475C66F00D4DB7043
SHA-256:	6D0328BF4036B180207A13E868AEED6720AB6DA43177776C6D2294E3C67FD9CF
SHA-512:	2F2E2540E2B0A8B0F98F4A3B13DBFE24D5821B5E3183EF67386DFC51BA284B8F9EEFADA561D9881E77D4D1EF8B03F38ACCD559991AD5BD9AF5503157EA427187
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....a..W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X/C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 07:25:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985948255123305
Encrypted:	false
SSDEEP:
MD5:	5B887ED4893D29F8C00E933E68AE4EB3
SHA1:	7FC7BBCADC2CAD2C5D3852A481972036D8CAA308
SHA-256:	84AE7B1A7A6FCF19E7AD29318F1AC3F0BC2CD2EEF0980108892CEDCDCB20B59A
SHA-512:	51F616CFB4E2CD6A93992954641604B7268C3C66890D943AB8AF37FE5A5A5A2935D12A715CA6A9C2C3B844B8048838F3304C3D7D97A3FF5A63239525D34EA79B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X/C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 07:25:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9971530653297354
Encrypted:	false
SSDEEP:
MD5:	E823DF8EE25ADB0621038C45A8D740EE
SHA1:	D28F993BA1127F80156C68EDCCED58A6B1E755AD
SHA-256:	3B3C909A86FD473DB17BEA6DA34EFA624883CE32070EEE55D1A35A4D43438C90
SHA-512:	F4113E02793B3C3B71516465B490C3FBCB95DA949B12FC6A4FC12C6FE65E3509C838589614B7A3D37E445786B89A7C900FF8276A1252405482F517404FE58409
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....(...W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&C....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-C....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-C....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-C..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X/C...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............7......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/jq/c49a38906f1489800dba7751fcca5399662770916d3b2
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 66, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.002585360278503
Encrypted:	false
SSDEEP:
MD5:	6FB005C14F3BC012374422753E621179
SHA1:	E4713D94749E591E87F3314C1CA68A2C64849025
SHA-256:	CA851E26FF733D38EC57A66B39F0EC3BC41885A36ABACA0FD32E97E983D51319
SHA-512:	17210BEEFA43775D6E47E7C2F23190476140F65C206EB4EF79E07D385F57A47FC2E6816DC5D18BBB167B986B62EBF7E919CE244DD6A932A4E702BA861EA78C9E
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/878c769858f4b0d0/1713860731089/N_7PFW5ajJm2TXr
Preview:	.PNG........IHDR.......B..... .G....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	105369
Entropy (8bit):	5.240719144154261
Encrypted:	false
SSDEEP:
MD5:	8E6B0F88563F9C33F78BCE65CF287DF7
SHA1:	EF7765CD2A7D64ED27DD7344702597AFF6F8C397
SHA-256:	A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
SHA-512:	7DCE31D45ACA40340490B9F437A22ADF212B049DE0D4DDEB908A50C1F5C6C7B5561323B3A93B6ED3E5A7C44D7170460BFF8D8722749191C0F5A8DBD83E093E7F
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/APP-c49a38906f1489800dba7751fcca53996627708372409/c49a38906f1489800dba7751fcca5399662770837240a
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	306493
Entropy (8bit):	7.715068170696433
Encrypted:	false
SSDEEP:
MD5:	7D07C247E8DFD5BFAF9A7169B5C402BD
SHA1:	392CC7836CA5418F3E65CC67F5680B2A359399DC
SHA-256:	345F500582FB5CFC20DF5426C6B54BB0BCAA62EB0249A4A661DC9716A9EDC006
SHA-512:	7004443DE5B756F63B9CC5498AE8B33540F82297250DF5996E9510F653D2ACFFC1B6AB0FB5B955131EC9AF60BA33F34C52D277563FE9C78214B0C53DF2DFE541
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/ASSETS/img/BIMG-6627709587af6.css
Preview:	.PNG........IHDR.......8........C....bKGD..............IDATx...[o].'z~.s.m9O._..'.a.#Y.Ul. .Z.m]bI.t.C..$@.hAF3.C.2/.I.......IP...N.\.....{.=.\.2.c^.x.C.^s.M.....3?..o.{h~....?...?./).......,(2.4....XI..}..l~..s7F~x.....7..9..w.t.....U.s.i..?...{..K....?.....?...$..g.HgL..7....5.....(.Z..`.X.....).3.....y.,....../.q..z....3h..........2........yny...8....G....y.<.c:.:o.s~........R..~3x.k~}.w~......)0...<W.)6owrm......7.,X~....@.m1...Z.9.....?..2o.yc... .M..$...?M.O.....c.v~..9.y\_.n..w...{z...s....?:.....g........o..........`.v...\|e...}.`..7.H;...2.f..Ky#._Q.e.....g...F...g2...K..Z.....s...q... .~..81.....3.Z{..1..I..]..18_...c.;.. ......^.^.....\..?..t..E]..\|..7N.Z......_w..<6........vB`.y...?[0&....`..O......h...2.f.f(f.f.f.......D....w.......w=.........2w..{ma.M..K....\|...".)#.........t..!. ...'..j.3..!p....Z8.+0..:...x9[....>@".....;..K......p/.8o....aV........!p............&F`.9...7.qY G`..p.0.s............6.Li#.a..........S.0.f.......n

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/e/c49a38906f1489800dba7751fcca53996627709337b99
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6357), with no line terminators
Category:	downloaded
Size (bytes):	6357
Entropy (8bit):	5.243003524346767
Encrypted:	false
SSDEEP:
MD5:	82FF6E77E3B8F004B23294185E108264
SHA1:	03C685B50FD4587427495348CD1231882A8C48D0
SHA-256:	0E230A53A5D5ABD125C2A8E1CDD97B32DDD84A9F7FD07C23BFF95413886B05FA
SHA-512:	4A2CE7166010BDAEBFA09A7D7F8F858AB28FFF7128F4EF650D8BD0214E3AECADE963D29A4BC5B27E820FF45B3827B6BE69F519DC890118FD423D5375B3893758
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/jm/c49a38906f1489800dba7751fcca5399662770916d3b9
Preview:	var _0x93a3bf=_0x2d52;(function(_0x547797,_0x18550f){var _0x59203=_0x2d52,_0x4480cd=_0x547797();while(!![]){try{var _0xcc5b57=-parseInt(_0x59203(0xeb))/0x1+parseInt(_0x59203(0x10b))/0x2(-parseInt(_0x59203(0xfa))/0x3)+-parseInt(_0x59203(0xd9))/0x4+-parseInt(_0x59203(0xe4))/0x5(parseInt(_0x59203(0xe0))/0x6)+parseInt(_0x59203(0xfb))/0x7+parseInt(_0x59203(0xe3))/0x8(-parseInt(_0x59203(0xec))/0x9)+-parseInt(_0x59203(0xd7))/0xa(-parseInt(_0x59203(0xcb))/0xb);if(_0xcc5b57===_0x18550f)break;else _0x4480cd['push'](_0x4480cd['shift']());}catch(_0x1f86db){_0x4480cd['push'](_0x4480cd['shift']());}}}(_0x5821,0xf115f));var _0x743837=(function(){var _0x2211cb=!![];return function(_0x41026e,_0x2b42dd){var _0x50a8cc=_0x2211cb?function(){var _0x2a2063=_0x2d52;if(_0x2b42dd){var _0x1cceff=_0x2b42dd[_0x2a2063(0xdb)](_0x41026e,arguments);return _0x2b42dd=null,_0x1cceff;}}:function(){};return _0x2211cb=![],_0x50a8cc;};}()),_0x4a9cd1=_0x743837(this,function(){var _0x3e2c84=_0x2d52;return _0x4a9cd1[_0x3e2c

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	D6B82198AF25D0139723AF9E44D3D23A
SHA1:	D60DEEF1847EEEF1889803E9D3ADC7EDA220F544
SHA-256:	A5C8CC49FA6649BE393EF22C2B31F1C46B671F8D763F783ED6D7B4E33669BDA3
SHA-512:	B21BEE2EEC588308A9DC3C3C2405377704B39B08AA20CBA40BA6E6834E67CF6F2C086E0701F5B05AEE27E2677E9C5C24FF137318275ACA00DD063DF3DCC07D4D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnGbgYclUvsWBIFDVd69_0=?alt=proto
Preview:	CgkKBw1Xevf9GgA=

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/ASSETS/img/m_.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7043), with no line terminators
Category:	downloaded
Size (bytes):	7043
Entropy (8bit):	5.2804407743048944
Encrypted:	false
SSDEEP:
MD5:	B6C202188699B897BB727A68EDD24665
SHA1:	FF3B891E06C983DCA277C1D7D874C8EB8084EB96
SHA-256:	184A034CB9202937BF012AFF8C81E0747B7CA8F8F9E6115556FDB09D5BAEC419
SHA-512:	AD8D243B156841EC27CA057CF1E0F64B8802E0DF64F79000739605CDE2C9A9FA1E3E24D153AB34A7AA66F726FC701816CA116052F4129AF3FB78D8F4057EE9F8
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/js/c49a38906f1489800dba7751fcca539966277081c8b2a
Preview:	var _0x22d5b4=_0xe936;function _0xe936(_0x110d0f,_0x2b91a9){var _0x5afc29=_0x2e89();return _0xe936=function(_0x5e8034,_0x1649af){_0x5e8034=_0x5e8034-0x12d;var _0x41bfe8=_0x5afc29[_0x5e8034];return _0x41bfe8;},_0xe936(_0x110d0f,_0x2b91a9);}(function(_0x18f255,_0x432ca9){var _0xb8cc2=_0xe936,_0x553352=_0x18f255();while(!![]){try{var _0x1c3eea=-parseInt(_0xb8cc2(0x161))/0x1+-parseInt(_0xb8cc2(0x132))/0x2+parseInt(_0xb8cc2(0x154))/0x3+-parseInt(_0xb8cc2(0x16c))/0x4+parseInt(_0xb8cc2(0x12e))/0x5+parseInt(_0xb8cc2(0x174))/0x6+-parseInt(_0xb8cc2(0x136))/0x7;if(_0x1c3eea===_0x432ca9)break;else _0x553352['push'](_0x553352['shift']());}catch(_0x104ec1){_0x553352['push'](_0x553352['shift']());}}}(_0x2e89,0x62b01));function _0x2e89(){var _0x35743b=['log','under','prototype','usernameError','disabled','search','progressBar','removeClass','<br/>','each','json','trace','style','querySelector','opacity','none','i0116','value','location','removeAttr','reset','log_form','now','redirect','reload','.light

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41442)
Category:	downloaded
Size (bytes):	41481
Entropy (8bit):	5.31009549751899
Encrypted:	false
SSDEEP:
MD5:	3B5B3D36FDE8FFE8ED76B1EFBFC65410
SHA1:	D63107D0912FDB387530D5CE2D512C928D73D122
SHA-256:	29D600462A30694EFD15B9848B4CA42D178CD067009275C35A30580121114304
SHA-512:	3C96B7A1048B59107BC0767B190FE0FAACAFEABE266EE8668836FC06348567C359D9AE36A13B40AB99F4B9C580C1C403962900B64B9BFAD3D50B0E27A76ED60A
Malicious:	false
Reputation:	unknown
URL:	https://unpkg.com/axios@1.6.8/dist/axios.min.js
Preview:	!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e\|\|self).axios=t()}(this,(function(){"use strict";function e(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function t(t){for(var r=1;r<arguments.length;r++){var n=null!=arguments[r]?arguments[r]:{};r%2?e(Object(n),!0).forEach((function(e){c(t,e,n[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):e(Object(n)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(n,e))}))}return t}function r(){r=function(){return t};var e,t={},n=Object.prototype,o=n.hasOwnProperty,i=Object.defineProperty\|\|function(e,t,r){e[t]=r.value},a="function"==typeof Symbol?Symbol:{},s=a.iterator\|\|"@@

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (4020)
Category:	downloaded
Size (bytes):	4464
Entropy (8bit):	5.576091122733652
Encrypted:	false
SSDEEP:
MD5:	87151A083ABC2EEFA62DDFFC1113E91D
SHA1:	45152BCE209B71B43DC1B3306F85CFF45E1CE68B
SHA-256:	14681A2C87D182EAAB525926006531A4105DADCE618403CD318AF8BC09B640CE
SHA-512:	0121E6B54EA0C777CE0F8132CF91B7609A3EC94EF0F232B8F1DB003AC7DFD80C5C0BA729A3983D6C88940A2CD444F1DC6F748EB7E819609046A16EA5BBFEFCC4
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/271af8f3d119ef179555782afdad5106662770812a32bLOG271af8f3d119ef179555782afdad5106662770812a32c
Preview:	<!DOCTYPE html>.<html>.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <title></title>. <script src="jq/c49a38906f1489800dba7751fcca539966277081c8b25"></script>. <script src="boot/c49a38906f1489800dba7751fcca539966277081c8b29"></script>. <script src="js/c49a38906f1489800dba7751fcca539966277081c8b2a"></script>.</head>..<script type="text/javascript">.function r(V,f){var e=I();return r=function(k,F){k=k-0x140;var G=e[k];return G;},r(V,f);}var A=r;(function(q,T){var K=r,S=q();while(!![]){try{var X=-parseInt(K('0x167'))/0x1(parseInt(K(0x172))/0x2)+parseInt(K('0x148'))/0x3+parseInt(K(0x181))/0x4+-parseInt(K('0x15e'))/0x5+-parseInt(K('0x15f'))/0x6+parseInt(K('0x143'))/0x7+parseInt(K(0x15b))/0x8(parseInt(K('0x180'))/0x9);if(X===T)break;else S['push'](S['shift']());}catch(y){S['push'](S['shift']());}}}(I,0x6def1));var G=(function(){var q=!![];return function(T,S){var X=q?function(){var t=r;if(S){var y=S[t('0x

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1592
Entropy (8bit):	4.205005284721148
Encrypted:	false
SSDEEP:
MD5:	4E48046CE74F4B89D45037C90576BFAC
SHA1:	4A41B3B51ED787F7B33294202DA72220C7CD2C32
SHA-256:	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
SHA-512:	B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/ASSETS/img/sig-op.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42414)
Category:	downloaded
Size (bytes):	42415
Entropy (8bit):	5.374174676958316
Encrypted:	false
SSDEEP:
MD5:	F94A2211CE789A95A7C67E8C660D63E8
SHA1:	F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F
SHA-256:	926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B
SHA-512:	EAC0FC89C2D6CCEB9F4C18DFC610DFF8BC194D3994F0C74B3D991F8423C6DADE11D805E76124596521C58AFA9939B45D2D3157F0A48626E12548020FC38364D3
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit
Preview:	"use strict";(function(){function bt(e,r,t,o,u,s,m){try{var b=e[s](m),h=b.value}catch(d){t(d);return}b.done?r(h):Promise.resolve(h).then(o,u)}function Et(e){return function(){var r=this,t=arguments;return new Promise(function(o,u){var s=e.apply(r,t);function m(h){bt(s,o,u,m,b,"next",h)}function b(h){bt(s,o,u,m,b,"throw",h)}m(void 0)})}}function M(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):M(e,r)}function Ie(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function Ve(e){for(var r=1;r<arguments.length;r++){var t=arguments[r]!=null?arguments[r]:{},o=Object.keys(t);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(t).filter(function(u){return Object.getOwnPropertyDescriptor(t,u).enumerable}))),o.forEach(function(u){Ie(e,u,t[u])})}return e}function fr(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 108 x 24, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1637
Entropy (8bit):	6.669128973210611
Encrypted:	false
SSDEEP:
MD5:	EE236805D05E24861CE1B6B0E7D94B8D
SHA1:	D46828CF9DF268DDAF62FACF15590A447116AEB8
SHA-256:	175986272200FB72DA9A598D30016BBDA9DDCAA9E6E3F07EB94BC74196D4B805
SHA-512:	7AB26F51D3F8F1CAAF208D86A62558593FF6DD99617A5D3D42648F0F4AEA1FCE766BCA8D0D6E2A8AABF82A6F4024CA2C3DCA588EDE6C5973D631B0E575271315
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/ASSETS/img/LIMG-662770947bf90.css
Preview:	.PNG........IHDR...l.........(..(...mPLTE.........UUU...fff...mmm...qqq...jjjmmmxxxqqqyyysssmmmooouuupppvvvqqqvvvrrrwwwpppqqqqqquuurrrvvvpppsssqqqtttqqqrrruuusssqqqtttrrrtttuuusssuuusssqqqttttttrrrtttsssuuussssssrrrtttrrrtttsssssssssrrrtttrrrtttsssrrrrrrrrrtttrrrtttssssssrrrsssrrrrrrtttssstttsssssstttssstttssstttsssrrrrrrtttssstttssstttsssrrrrrrsssssstttsssrrrsssssssssttttttsssrrrssssssssstttssstttsssrrrsssssssssttttttsssrrrsssrrrsssssssssssstttssstttrrrsssssssssssstttsssssssssssstttssssssssssssssssssssstttssssssssssssssssss...sss....P!...sssssssssrrrsssssssssssssssssstttssssss...sss....P"...ssssssssssssssssssrrrssssssssssssssssssssssss...sss....P"........%'....tRNS.......................... "$%&')*+,-1236789;<=>?@BCDEFGIJMNOPRTUVWX[\^`abcdfghiklmnosuvwxyz{}...........................................................................................................N>......bKGD.........IDATH....W.e...k.2....(.+c.,....h....1.A......B4Z.L1.l1.r..M-Q36A........}...C.x}}.}~.~n~.;._..O:......

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	unknown
URL:	https://cividalepaolo.com/x/c49a38906f1489800dba7751fcca5399662770837240f
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	011B17B116126E6E0C4A9B0DE9145805
SHA1:	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC
SHA-256:	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
SHA-512:	BB432E96AF588E0B19CBD8BC228C87989FE578167FD1F3831C7E50D2D86DE11016FB93679FEF189B39085E9151EB9A6EB2986155C65DD0FE95EC85454D32AE7D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnfnriJJ1_wWhIFDdFbUVI=?alt=proto
Preview:	CgkKBw3RW1FSGgA=

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://cividalepaolo.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 115

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 90

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 98

Static File Info

Windows Analysis Report
https://cividalepaolo.com/