Edit tour

Windows Analysis Report
https://grupposandonato-it.weebly.com/

Overview

General Information

Sample URL:	https://grupposandonato-it.weebly.com/
Analysis ID:	1371160
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish20

Creates files inside the system directory

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://grupposandonato-it.weebly.com/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1972,i,14395380639396899442,17740904874196804692,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_125	JoeSecurity_HtmlPhish_20	Yara detected HtmlPhish_20	Joe Security

HTML

Source	Rule	Description	Author
0.1.pages.csv	JoeSecurity_HtmlPhish_20	Yara detected HtmlPhish_20	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_20	Yara detected HtmlPhish_20	Joe Security
0.6.pages.csv	JoeSecurity_HtmlPhish_20	Yara detected HtmlPhish_20	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish20

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_125, type: DROPPED

Source: https://grupposandonato-it.weebly.com/	HTTP Parser: Iframe src: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fgrupposandonato-it.weebly.com
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: Iframe src: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fgrupposandonato-it.weebly.com
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: Iframe src: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fgrupposandonato-it.weebly.com

Source: https://grupposandonato-it.weebly.com/

HTTP Parser: Number of links: 1

Source: https://grupposandonato-it.weebly.com/

HTTP Parser: Title: GSD Webmail::Benvenuto in GSD Webmail webmail.grupposandonato.it - Home does not match URL

Source: https://grupposandonato-it.weebly.com/	HTTP Parser: Form action: https://grupposandonato-it.weebly.com/ajax/apps/formSubmitAjax.php
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: Form action: https://grupposandonato-it.weebly.com/ajax/apps/formSubmitAjax.php
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: Form action: https://grupposandonato-it.weebly.com/ajax/apps/formSubmitAjax.php

Source: https://grupposandonato-it.weebly.com/	HTTP Parser: No favicon
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: No favicon
Source: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fgrupposandonato-it.weebly.com	HTTP Parser: No favicon
Source: https://grupposandonato-it.weebly.com/ajax/apps/formSubmitAjax.php	HTTP Parser: No favicon
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: No favicon

Source: https://grupposandonato-it.weebly.com/	HTTP Parser: No <meta name="author".. found
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: No <meta name="author".. found
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: No <meta name="author".. found

Source: https://grupposandonato-it.weebly.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://grupposandonato-it.weebly.com/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.58:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49770 version: TLS 1.2

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 13.67.144.177
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58

Source: unknown

DNS traffic detected: queries for: grupposandonato-it.weebly.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.58:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49770 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_2648_1017762929

Source: classification engine

Classification label: mal48.phis.win@15/125@42/240

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://grupposandonato-it.weebly.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1972,i,14395380639396899442,17740904874196804692,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1972,i,14395380639396899442,17740904874196804692,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	13 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://grupposandonato-it.weebly.com/	0%	Avira URL Cloud	safe
https://grupposandonato-it.weebly.com/	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
weebly.map.fastly.net	0%	Virustotal		Browse
platform.twitter.map.fastly.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
about:blank	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pages-wildcard.weebly.com	199.34.228.54	true	false		high
scontent.xx.fbcdn.net	157.240.249.8	true	false		high
accounts.google.com	142.250.123.84	true	false		high
sp-2020021412301152490000000a-1069308460.us-west-2.elb.amazonaws.com	54.187.168.252	true	false		high
weebly.map.fastly.net	151.101.1.46	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.191.228	true	false		high
clients.l.google.com	172.217.1.110	true	false		high
platform.twitter.map.fastly.net	146.75.80.157	true	false	0%, Virustotal, Browse	unknown
syndication.twitter.com	104.244.42.136	true	false		high
clients1.google.com	unknown	unknown	false		high
ec.editmysite.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high
cdn2.editmysite.com	unknown	unknown	false		high
grupposandonato-it.weebly.com	unknown	unknown	false		high
platform.twitter.com	unknown	unknown	false		high
connect.facebook.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://grupposandonato-it.weebly.com/	false		high
https://grupposandonato-it.weebly.com/ajax/apps/formSubmitAjax.php	false		high
about:blank	false	Avira URL Cloud: safe	low
https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fgrupposandonato-it.weebly.com	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.190.131	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.191.228	www.google.com	United States	15169	GOOGLEUS	false
142.250.190.35	unknown	United States	15169	GOOGLEUS	false
146.75.80.157	platform.twitter.map.fastly.net	Sweden	30051	SCCGOVUS	false
104.244.42.136	syndication.twitter.com	United States	13414	TWITTERUS	false
157.240.249.8	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
151.101.1.46	weebly.map.fastly.net	United States	54113	FASTLYUS	false
104.244.42.8	unknown	United States	13414	TWITTERUS	false
172.217.1.110	clients.l.google.com	United States	15169	GOOGLEUS	false
142.251.32.14	unknown	United States	15169	GOOGLEUS	false
104.244.42.72	unknown	United States	13414	TWITTERUS	false
199.34.228.54	pages-wildcard.weebly.com	United States	27647	WEEBLYUS	false
199.34.228.53	unknown	United States	27647	WEEBLYUS	false
54.187.168.252	sp-2020021412301152490000000a-1069308460.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
142.250.123.84	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.32.10	unknown	United States	15169	GOOGLEUS	false
54.71.32.193	unknown	United States	16509	AMAZON-02US	false
142.250.191.200	unknown	United States	15169	GOOGLEUS	false
172.217.2.35	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.30

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1371160
Start date and time:	2024-01-08 11:32:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://grupposandonato-it.weebly.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@15/125@42/240

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.190.131, 34.104.35.123, 142.250.191.200, 142.251.32.10, 172.217.0.170, 142.250.191.106, 142.250.191.138, 142.250.191.234, 142.250.191.202, 172.217.2.35, 172.217.0.174, 172.217.2.46
Excluded domains from analysis (whitelisted): clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.014114080036451
Encrypted:	false
SSDEEP:
MD5:	991A61A821D4A0C01E418A99D30DE379
SHA1:	5332CCD68EE6E96564BC6CC554EBBE2F2638CDEE
SHA-256:	3433B7590D17434C188E6017911C071300E2283E1A63021778C7A4BC1FA9B6C8
SHA-512:	125479640632FC2739FFD3083B253EB86E139426A7B03036C833D0D55046550B910431F54DE1ECBA87B6541D8C12A208966A50AF03F086C0B48385AFF1D677BE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I(X.T....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V(X.T....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V(X.T....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V(X.T...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............z.g.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 8 09:32:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.005285218718227
Encrypted:	false
SSDEEP:
MD5:	8E83B4DA46F0DF050C47FB8889521B0D
SHA1:	4A23B6B86228E38BF3D1A08AAEC29F80F0094D70
SHA-256:	B8FED9E4B13B6B3E1210561B5411E239968F9556977BC539D535C73DF7ABEBF3
SHA-512:	0B0F05AD8BA4A6246A3F6868C5CF32B04204E62279B243B6085530ABB6C6C260A54D5557A9135C8461CC2DD6A39D0C43698EA6ECA8DF62F2CC2FA46BC0830B58
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......8..B......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I(X.T....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V(X.T....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V(X.T....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V(X.T...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V(X.T...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............z.g.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.168453957701921
Encrypted:	false
SSDEEP:
MD5:	F160C3129805A1DC53AEF9896CE3C5E6
SHA1:	6FB21563B86168412BBB1812701F4B32CF00FDB6
SHA-256:	B486AC39E3ACF9327B58BC9F366E609E6F3B01ED8CC0457D99B6958B402E5769
SHA-512:	CDB19074205DBD952E3EDE59BA4E934FDAFB2D9266AE66EE2147E54954D6EBB015C569D99832C59F739B16A931C07A1287F23F76527E1EE80CCE29A1E0B09985
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSHgnPL2YDUSXbWRIFDffQXSsSBQ002-SCEgUNNg6TCQ==?alt=proto
Preview:	ChsKBw330F0rGgAKBw002+SCGgAKBw02DpMJGgA=

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 10468
Category:	downloaded
Size (bytes):	3057
Entropy (8bit):	7.9386843119957655
Encrypted:	false
SSDEEP:
MD5:	E40FF88AD90D55D689BAB21F4F9A3FCC
SHA1:	192D3DCD1F0B21E463119AF538AB865A3AEF4E31
SHA-256:	F18F7FFCE8A69A63C008A209CD796A013F42A6785D91F92789058297ED87C55F
SHA-512:	3329AD7F4F8532283DB21A8C4917934952BEDEC21FCC876C89BE252C41B957D68D22F4C86CA90EF71028A09D5D89D6DA2F496C3E6FDCBAFA2C977D83627DE6B7
Malicious:	false
Reputation:	low
URL:	https://grupposandonato-it.weebly.com/files/theme/mobile.js
Preview:	...........Z.s...N....T./O./r.k..M;.4..7i.......$T...&.....@R......H.......R..lFJ....~PD..U5..L.-..d..?~...#W.}..\|..\|..O....._S.E...2.........QI.z.e.xE...p...z#v.Zw.z..R.[Qg..C.....L....TS ...B...T.%.VL.\.JOK..M:K.;....6.b.!.....D...]o....k...g.r.......J...W...OIR^\.[...i:...C<....b...h..>...%.n...+.X..n.......g...y..L).....1O..?n..%....;r..X~`.&Z.Zq.....l..k+...z..`.....%.Dm...0Rw!Vn.F...q$.-I.>...G...4.k9I&.m.4SN.d.......x.rs{..#...Vk...b.n`l5......V$...........\|~.n.?n.ML.J.'..G....ki..pb~.^...A.wN.... .-/..~t.[...cP.4J...5.,@o8.....C.p.fWb.J.....{..2..9n.$..q{\|..g.$ ......2\|.\|?..-S=.0N.e...h^p.0....WBv.N}{<..+)J#...g.0....0........)..\|...4._..3......8..s..-.}..N.......pt&j.q..Q.3[O..I..(..fx..v...?AwL.z.uO.x)g8-......`m.F]z.=Qi^..2...].u~m....i./.....a..y?&s...A1....l<M...J4........N.0.I6&9W...e*.P..........G."...-..#....:......pt..r?.d^...(..H..l....o..Q{kYk.....G..6l..0...U^0yJ...[.=Pe..?3..h J....E..{...cw.9..2..c.>ZWFOl0g.uV.^.nA.

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	93
Entropy (8bit):	4.557646177371536
Encrypted:	false
SSDEEP:
MD5:	6860C2AC649E0EB1DFCE1DFFE035BD8F
SHA1:	D6A1D081934A4EB841902F02337AB3BD4ABA691F
SHA-256:	9D65C695106B65784ABE7D80566D05B18663096EA17581AF0C8619EE5D76379B
SHA-512:	D751A9F009461C024772B9C107C17BEB35EB5BDDF3B9FB05210BF7A0721603F24A3E4E6EAE2ABAE58271C003E23002790DD8D1622A17BCE6ECD96136E04B2282
Malicious:	false
Reputation:	low
Preview:	{"jsonrpc":"2.0","method":null,"error":{"code":-32600,"message":"Invalid Request"},"id":null}

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 12848, version 1.0
Category:	downloaded
Size (bytes):	12848
Entropy (8bit):	7.986262228528304
Encrypted:	false
SSDEEP:
MD5:	F0B3206D02A2F684530117CE1D7E8CE0
SHA1:	F3708B707B65E241B0F1C819D5F7BF7DA8412653
SHA-256:	F31B80562610135EDD91A86EC7F243C5EEAEC2EC08337E6A20C2D135D8E217DA
SHA-512:	319019C97A520D9D0FAC5487D614C41B7C766BDE2A60724966054B232427490817FF46E9F6AC82165343D50732C02E7F4821F4074908FE58775E3CEFE6812026
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Montserrat/bold.woff2
Preview:	wOF2......20......{...1..........................v..H..4.`?STATD........D.u..@..6.$..\|. ..d. ...%kEGk.80@...E.b}...8.'....!..E.._X.....^...Ydj.e".7.-...........1]1."....o....p..).+...`0.H?s.&.h.D.."3........@V.._E@......s.{.....$.&.[k..Zv..r..a..[..2....-...T....`c.5E{s...J..........m...]m<>\.....(.@.K.S....../..R...9].&$ad0..`.Jf..;...[.,1.5zv70z...R.0..eY.-....;s.8..c.r.lJ....#0..$..;......M.YI...{....V....@......3.7.I%...);G..... ................9@.0.......)................C.<.6.p.K.$...`....J..s......q..r..B.Q.0.c.:..W....Fe.!........jU..\...p.?b........v....7..=..C..$.,s.D$...>.5..[..'......:..2.p...A..R2.. D..D..D.DD.TD.lD."D.Z.N..MoD_..... (h.Z# @K..1..dk!..5. {.....G.7....9O8..q..q0.}.Q....G......8.,.v...l'v.................I.-.aL.K....M?....P....%x..1..O...X..$..LU.. ...D%. .@6,/.@.t...4...n.$.....D.UA.\|..o.z;I....Tjk=Ym..p..H.4.{QX..F...<.b)&.#..Ho.<.W...?..C...V.eU.#.....z.PU.O....6..+..Eb..[...Zf...R.:..>.~.;...%...!..b_.X.`.Bt..

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	4.191445610755576
Encrypted:	false
SSDEEP:
MD5:	4D27526198AC873CCEC96935198E0FB9
SHA1:	B98D8B73AD6A0F7477C3397561B4AAB37BF262AA
SHA-256:	40A2146151863BCF46C786D596E81A308D1B0D26D74635BE441E92656F29B1B4
SHA-512:	1EE4B73F4DA9C2B237CD0B820FFAD8E192D9125CE7D75D8A45A8B9642CE5FE85736646CAF12D246A77364C576751C47919997D066587F17575442A9B9F7CC97F
Malicious:	false
Reputation:	low
URL:	https://grupposandonato-it.weebly.com/favicon.ico
Preview:	...... .... .........(... ...@..... .....................................................................................................................................................................................................................................................................................................................D;3.C;4.D;3.D<3.D<3.D<6.A2".Pc..........M>5.....E;4.D;3.D;3.D<3.F<5.E<4.................................................F?4.ID5.D<37C;3.C;2.C;2.C;2.C;3.D<3LE=3.E=2.D<3.D=3.C<2QC;2.C;2.C;2.C;2.D;3.D;46JB;.G>6.....................................E;4.H<5.D;3]C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<2.G<3.G<4.D<3.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<3[C=7.C<4.............................H<7.B;1.D<3CC;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<2nD<3sC;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<3@B:3.HA2.........................D<3.E<4.C;2.C;2.C;2.C;2.D<2.C;2bD<3pC<2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<3lD<3^D;2.C;2.C;2.C;2.C;2.E<3.D<3.........................C;2.D<3FC;2.C;2.C;2.D;2.F=3.E=

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18308, version 1.0
Category:	downloaded
Size (bytes):	18308
Entropy (8bit):	7.986827908201202
Encrypted:	false
SSDEEP:
MD5:	5394BCFE7A186BE1C99DC8688E5A9C6D
SHA1:	9F39F63AF40A24E01442E32857704F64BA3BE606
SHA-256:	78F5413A0D04F3331122D49F10507A6C290AFE4D441FC49A968C7779331AEDB4
SHA-512:	058249DB5D6ABB42195702541F717EE8F6B4ABA1CB315109C901A395006F273A25C23D430888C1CE8001065DE0946F01A126C9AACEA64CC0D504F5B95C37E7D5
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Yellowtail/regular.woff2
Preview:	wOF2......G........8..G............................V..`........C..4..6.$..d. .....w..p3...A.axK...Q..QU....."...X.n.Uf.........l....>[<..Sa.=..1F....0..DT.D..,.BD%.,D.#jV,.Qk7..ts..W..((...nrQ{.....j.[.jI..{{_..L ...p1(.)......H..v....A...^..2....\|s..m!...B>..k..........~V...T..x@.~.f......`w..`..`.......{..UR.......@.@...=....D..t!"8g......M.)`.$I...........o.'L.....n....yErHp<....?.hw"'+g.%p`.....s....T.S..D.....#.&....s.m..i.T.i..S..cje....S.Ji....{.5....s....2.g...2.u...W.".!ah....... p......ns]....5..........\|^......d.;...T...;.V.j.....O.:"...-.(e.:.F`.X.E.....].<.[...C.1.Q..h......s3....l.x..).....l,$.\..9..:...]..ol....\|2....g......cf6t....s.........}.@.9.~.S.y.....L2..8.W.`...k..)A..&5f.&.Z..*.@...xA\|..T.X 42P.....0..Dl....G..Q.H!.xs.}.........r...`(..n..qR_.}.yn..+. U.mUb.,.z.qJ=8.......g..d.N...'...f...\|v~1..E.9uLj..0..}u.$..3...9..E...c..^..)...9.....##.v.d.!.}................i,.1/.C....p.k........#...@/.j.J.F......9d.#....\...

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 23040, version 1.0
Category:	downloaded
Size (bytes):	23040
Entropy (8bit):	7.990788476764561
Encrypted:	true
SSDEEP:
MD5:	DE69CF9E514DF447D1B0BB16F49D2457
SHA1:	2AC78601179C3A63BA3F3F3081556B12DDCAF655
SHA-256:	C447DD7677B419DB7B21DBDFC6277C7816A913FFDA76FD2E52702DF538DE0E49
SHA-512:	4AEBB7E54D88827D4A02808F04901C0D09B756C518202B056A6C0F664948F5585221D16967F546E064187C6545ACEF15D59B68D0A7A59897BD899D3E9DDA37B1
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Lato/bold.woff2
Preview:	wOF2......Z........8..Y...........................B.p.`..D....e.....d.....B..6.$..v. .....E.K...5l\e.v.~S$}.".8.....5.E....s...ai`W.u..8a2C..JuBj....x.....%.u.C.......p..c...7...+.1.GS.3...F_....-..`#........]...T.....x....&..{.....V..,..&~$D.#.P..\|gzz...B.7..m.3....HH.l.....Dj.F.X.....U..+.Q...T.`...ST...1...0....io`zu@.J2....3]}0.X...,..+"...............(k.CGl......`.y.._....3.t!O.,X:t.3....lw..U../:..b.]....V.$.y....G.....H..IN....bQ.+ \@....;...C3...c.l..i/....#..I.).Y...]...s..$K!..Tr...g%\|r.D.#.Y{..R..We...X.?...r.@...G.{..>..4^..b..,.z........T..[.ru#.7..{..G....J.3......Lz.C].of$Y2..^...>@L..P.........7..bB.....6f...ec.i..{._\...A.I.Lcy.Qm".....k.^.d.K(x7U...c.o.......}.T......iL..!.Z.......[O...%...*'?........^I./..;t.4%.....S...4....wY.b9.%.b...,.....tC..9.Z...V..CHnA.S.-.u$m.\....7{,..K{(.."....._...\|{.VowE@E@@..Zg.....`8..b..Z...^....l+...R..%.L.b...._..E.j9\+.L.#J.........?&...&..scE..b..Jc.8...V....L 1./k.3..7w....x..-.....

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2572
Entropy (8bit):	4.945146156053133
Encrypted:	false
SSDEEP:
MD5:	8748EEC74F3E1353FF5D59C4FC793928
SHA1:	5C585058EBE43354156E0C7F1C40937128804FA7
SHA-256:	CB2642E037C6E74EACE100541B7E6776ECAF14371B49E4DECF7831BFB0A7147B
SHA-512:	360BB4E82191143E02A51FEE5D7E0853C088F52F2DE251F8C532DD7C75AB9DEF60B669D11D06E222715CAD122E5B8B1A80B4449CA4A0E803B088B0550FFB848B
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Lato/font.css?2
Preview:	.@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 300;. src: url('./light.eot'); /* IE9 Compat Modes /. src: url('./light.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./light.woff2') format('woff2'), / Super Modern Browsers /. url('./light.woff') format('woff'), / Modern Browsers /. url('./light.ttf') format('truetype'); / Safari, Android, iOS /.}..@font-face {. font-family: 'Lato';. font-style: italic;. font-weight: 300;. src: url('./lightitalic.eot'); / IE9 Compat Modes /. src: url('./lightitalic.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./lightitalic.woff2') format('woff2'), / Super Modern Browsers /. url('./lightitalic.woff') format('woff'), / Modern Browsers /. url('./lightitalic.ttf') format('truetype'); / Safari, Android, iOS /.}..@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 400;. src: url('./regular.eot'); / IE9 Compat Modes */. s

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	869
Entropy (8bit):	4.555358776272458
Encrypted:	false
SSDEEP:
MD5:	0CFD90FA5A29DBCF70B736FF209D4C77
SHA1:	11F7050E23340FF0AFFCE5E1CBC5595E2852D96D
SHA-256:	302DA628A6AFC3E93F1B86BF7C65E4D6536D8283D78266964822A76D1C645AA4
SHA-512:	0DABBAF3830E5F63B8B26F23858C092357BC42F6D07F0B64870073D6D7C044F78ABF1CAED6B1B47376B377B85824126AC85F4E19F3E39183D7FF43183DDC0843
Malicious:	false
Reputation:	low
URL:	https://syndication.twitter.com/settings?session_id=b79b391a84ad63aac753393ef9e085e9c997017e
Preview:	{"should_obtain_cookie_consent":true,"features":{"tfw_timeline_list":{"bucket":[],"version":null},"tfw_follower_count_sunset":{"bucket":true,"version":null},"tfw_tweet_edit_backend":{"bucket":"on","version":null},"tfw_refsrc_session":{"bucket":"on","version":null},"tfw_fosnr_soft_interventions_enabled":{"bucket":"on","version":null},"tfw_mixed_media_15897":{"bucket":"treatment","version":null},"tfw_experiments_cookie_expiration":{"bucket":1209600,"version":null},"tfw_show_birdwatch_pivots_enabled":{"bucket":"on","version":null},"tfw_duplicate_scribes_to_settings":{"bucket":"on","version":null},"tfw_use_profile_image_shape_enabled":{"bucket":"on","version":null},"tfw_video_hls_dynamic_manifests_15082":{"bucket":"true_bitrate","version":null},"tfw_legacy_timeline_sunset":{"bucket":true,"version":null},"tfw_tweet_edit_frontend":{"bucket":"on","version":null}}}

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	852
Entropy (8bit):	4.904698699119914
Encrypted:	false
SSDEEP:
MD5:	91B360AE11A20A31E6A9CA60C6F6C691
SHA1:	EC3C5C553A20655C54B0A5577A15ABE576EFA9B1
SHA-256:	CF91769AE11889AD46B8090D0D4D58A4621F2BCEA35D1D8D96EA5E38BA34EE73
SHA-512:	DD4EF54C19FA63B71EA71137D66665BF07C031983CBB4D1D108D99DA9EE82255B8E72A0828AED446818A80D3B284504F77626F8E789506C459CB316FE008CAF4
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Montserrat/font.css?2
Preview:	.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. src: url('./regular.eot'); /* IE9 Compat Modes /. src: url('./regular.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./regular.woff2') format('woff2'), / Super Modern Browsers /. url('./regular.woff') format('woff'), / Modern Browsers /. url('./regular.ttf') format('truetype'); / Safari, Android, iOS /.}..@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 700;. src: url('./bold.eot'); / IE9 Compat Modes /. src: url('./bold.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./bold.woff2') format('woff2'), / Super Modern Browsers /. url('./bold.woff') format('woff'), / Modern Browsers /. url('./bold.ttf') format('truetype'); / Safari, Android, iOS */.}

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 33375
Category:	downloaded
Size (bytes):	5812
Entropy (8bit):	7.964244934875784
Encrypted:	false
SSDEEP:
MD5:	ED6F6A1715D9E9AB02A3221C773D1701
SHA1:	F41746DB9112F7F9C74A5B1CFFFE10FEAFED2829
SHA-256:	F2BB273707FD220ED23386FB768E4A59CC72206924500E92F06D974B3FFA0909
SHA-512:	F2F1D162691B8726F7C4A366C4D06634C0CFB70D25D6F1B7F2611C0B8A7295CBCFD9FF7EF34AE595DED21823886B7678BB2387ECCF817DA64C2D47C45693DC33
Malicious:	false
Reputation:	low
URL:	https://grupposandonato-it.weebly.com/files/main_style.css?1704662929
Preview:	...........=k..q..+.O].#..i...V.\|.......sU..q.(....H...qS..A.E<. 4...nggw....F....h..I...$...=....}K...{5I.-.$.=L.MS....v)...1k.]....U....vjzh\...H?I..x...mv./...yM.Y.+.d.!9fEQ.;....+."...l...:Z[......No.....K2..\|.X.UY.tO......1x.,'....PV/..u..eV.e......k...V..=9...lG.....I..'R.....V........W%....F..wM..R..H.#...#.~?....l....B..@}?..oO$...q'a]./p..5....X...U.)..........e}.~/.E-?.m..@.....JW.9\|.,x{\|.`...Y.\O.o[:.I.eu.v.-...3.6Gn...mNuA.....C.Dy9}...!.$........X..:....l.duOG...@.C..H.&......?.......v...4.@56..)}d.....)S..q(...7.N}c...Q.;..e.S...h..Uw..n...F{...0..9.8S..-l.a...NE..k...OiY...!..8R@f..&.+....x.e1..7GF.l.1Z.i<Qh$...\|$.E6eERR.}...O.......S...V..m..:...6...)....-e3A1.<..... ..RA,Y7l.k..TP_b..[75.Z.U..l._.._.-......s..$o..2.ia7....Q.s..R..#.S...K.$d.tA.6.%7.......-..GZN(...u_...W......R.../...g...j..."...oT..).......A......e..?[X!TY..NW..=^..`.(.#...fy\|N.f(..,.+...pl..X}m6..oj...7..........(..G.m.........\T..*.S.I.c......W..

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1722
Entropy (8bit):	4.940994955517386
Encrypted:	false
SSDEEP:
MD5:	D87B73EF85C643C2E0F0B08C555A36F9
SHA1:	4FD3EA3805F2AC8637FFADDC650BCC64855E5A94
SHA-256:	F4DCAF50F775C3BAE13F4D0EEB11BD382AE20830245D0B50CAD6457792955014
SHA-512:	077B1309C7BE001147B9BBB3294F6AB2EC2FF7DD4372B001296DD05B66274F7072CEED0A463A728D28CBDE4F4FFC01285B61EF5CD9F3FF858E77913067CB08FC
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Vollkorn/font.css?2
Preview:	.@font-face {. font-family: 'Vollkorn';. font-style: normal;. font-weight: 400;. src: url('./regular.eot'); /* IE9 Compat Modes /. src: url('./regular.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./regular.woff2') format('woff2'), / Super Modern Browsers /. url('./regular.woff') format('woff'), / Modern Browsers /. url('./regular.ttf') format('truetype'); / Safari, Android, iOS /.}..@font-face {. font-family: 'Vollkorn';. font-style: normal;. font-weight: 700;. src: url('./bold.eot'); / IE9 Compat Modes /. src: url('./bold.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./bold.woff2') format('woff2'), / Super Modern Browsers /. url('./bold.woff') format('woff'), / Modern Browsers /. url('./bold.ttf') format('truetype'); / Safari, Android, iOS /.}..@font-face {. font-family: 'Vollkorn';. font-style: italic;. font-weight: 400;. src: url('./italic.eot'); / IE9 Compat Modes */. src: url('./ita

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 7160
Category:	downloaded
Size (bytes):	1632
Entropy (8bit):	7.8980534526077335
Encrypted:	false
SSDEEP:
MD5:	E0836E8203C22B8E4086F27E91E86F5A
SHA1:	28235E77F5A895C8CD411AFF4A6EF4E6F7D419C2
SHA-256:	32DBC4A2EECA39A57D35670F00E2CF59E03C279521E47506C56C5C36D8B664B6
SHA-512:	0F1B4253807903BC210DF537A869FC97240F635AFC0D6270C8A5C23AC87F92E933935589E1EE580622122C4FDE5DF00553A21E380C258847F03CFC2D0A49D216
Malicious:	false
Reputation:	low
URL:	https://grupposandonato-it.weebly.com/files/templateArtifacts.js?1704662929
Preview:	...........YK..6.>g......9uw.KQ..^.....-....TE....w.....:."..V...?.....&...V....H....cK.#...Tm.......7.S..BP.4..7.M4.e..V\.V..[...3Q..'w..Ap.......Vs.".......v.........l..X.f.V...RAu].X......J..>b.........Nna.........h.\|..;]2A.7.iQ.mv.....u......u.5.s.o......aO.......{G..Y.....sYT..].;%.K>/...?xd9".Z.dL.Zg7../.".p`..<...x`_.5...,<.bf.....=..f.F........[....b.9........o..K.}.O....(TY........k2. \'X.J...#....P.'...tNP.}.4#.drb@.."..._.J.....X.M.Ce.b..C...!;k'.N...r.../.V.t..[."..U.00*....E..v]d[. ._h#...nO....ZGL.U..S1uX...._.V.c3#.S.F.&Y.....>\|..6'!.5.J.../.o.~F..h..)+..S.R..{!^.... .F....%.,..B%..&.!.=.}.y.?Od..y.....:Od\|.}.+:../.L.......nv...)S....9.)>.Sp}..[.H.8.&Te.J..........i=..A..r.X....y.v:.-K8..~~0.......48y..o.@..Z...+.....(...$...J...U.&...+V.b...e.f...;p..........\...=...._<.:K.-i..C..u=.....,y..[l..H..%.0:.\.. .,Z.Q...J....S.{N..b.,,f.g.......1.....kv.^..EE..@.5Iu....f..H..V..l... [.f(.........a .lN....J>.[-..j`..4.\|.E

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32147)
Category:	downloaded
Size (bytes):	477188
Entropy (8bit):	5.418761804056622
Encrypted:	false
SSDEEP:
MD5:	0DE029F7ED3FD4CBFDCEF31B834138E3
SHA1:	224512B5C840E885CD0732822AF53301681EC799
SHA-256:	593FEC175B00A1F118F77BB8ED378E857E9F1225F0FC019FCEA508B27DA53CF0
SHA-512:	D1FF62F9CDDDFF0D4DE54D96F7CFFB375B5FE16DB697375CD131981BF981C10E98AE49917774B08B1033655A572FD15E0B73D1988C0EFEAC19180121AAE08C3C
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/js/site/main.js?buildTime=1704478181
Preview:	(function(e){var t=window["publishedWBJP"];window["publishedWBJP"]=function o(s,a){var l,u,c=0,d=[];for(;c<s.length;c++){u=s[c];if(n[u])d.push.apply(d,n[u]);n[u]=0}for(l in a){if(Object.prototype.hasOwnProperty.call(a,l)){e[l]=a[l]}}if(t)t(s,a);while(d.length)d.shift().call(null,r);if(a[0]){i[0]=0;return r(0)}};var i={};var n={2:0};function r(t){if(i[t])return i[t].exports;var n=i[t]={exports:{},id:t,loaded:false};e[t].call(n.exports,n,n.exports,r);n.loaded=true;return n.exports}r.e=function e(t,i){if(n[t]===0)return i.call(null,r);if(n[t]!==undefined){n[t].push(i)}else{n[t]=[i];var o=document.getElementsByTagName("head")[0];var s=document.createElement("script");s.type="text/javascript";s.charset="utf-8";s.async=true;s.src=r.p+""+{11:"5ab2b9565867ea666fb8",12:"616c4dd0568c07183a5d",13:"392868449bcd750dc40a",14:"959616cc5e24d1c02d25",15:"b6353cc0e423d7a50e8c",16:"054f225d281471b09455",17:"15d444be9354963ed484",18:"afaef63f10fcebc93d78"}[t]+".js";o.appendChild(s)}};r.m=e;r.c=i;r.p="http

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2512)
Category:	downloaded
Size (bytes):	75006
Entropy (8bit):	5.625174285042866
Encrypted:	false
SSDEEP:
MD5:	99BBE560926E583B8E99036251DEB783
SHA1:	8D81B73AE06F664F9D9E53DD5829A799BF434491
SHA-256:	648E766BF519673F9A90CC336CBECEDE80DCBE3419B43D36ECBB25D88F5584A3
SHA-512:	EE24915AA5C1C7C1DD571C07EFE46DFC173CB69D2DADC4C32891CE320EEF4FE1CFB614D9C212F16BFE2C83B29C6EEAB6C5A43F8E32D475DA8081B1E2D33869B4
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/js/wsnbn/snowday262.js
Preview:	(function e(b,g,d){function c(n,j){if(!g[n]){if(!b[n]){var i=typeof require=="function"&&require;if(!j&&i){return i(n,!0)}if(a){return a(n,!0)}var m=new Error("Cannot find module '"+n+"'");throw m.code="MODULE_NOT_FOUND",m}var h=g[n]={exports:{}};b[n][0].call(h.exports,function(l){var o=b[n][1][l];return c(o?o:l)},h,h.exports,e,b,g,d)}return g[n].exports}var a=typeof require=="function"&&require;for(var f=0;f<d.length;f++){c(d[f])}return c})({1:[function(require,module,exports){var JSON;if(!JSON){JSON={}}(function(){var global=Function("return this")(),JSON=global.JSON;if(!JSON){JSON={}}function f(n){return n<10?"0"+n:n}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(key){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null.};String.prototype.toJSON=Number.prototype.toJSON=Boolean.prototype.toJSON=function(key){ret

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	3417
Entropy (8bit):	4.34170196403087
Encrypted:	false
SSDEEP:
MD5:	C4F42D70BA60FD9C54A3C69CC67A0E09
SHA1:	586C4E2713A4D1F492E82590FD84BE06CDDFF523
SHA-256:	7A0E8E02CC5E369756AD45A31321144E9DC707796476D32616CAF6C5F76E35DC
SHA-512:	0E37288FA943561894991EB3E7B3D09A71BE64A8DF812AAE888B068073C09862D6CE58D8B43D71142203B4CAB76076F44037AF235BEE7094DEB4A787D6FACA7F
Malicious:	false
Reputation:	low
URL:	https://grupposandonato-it.weebly.com/files/theme/custom.js
Preview:	jQuery(function() {. ..var $ = jQuery;. . $('body').addClass('postload');... $(document).ready(function() {.. . // Mobile menu. . $(".hamburger").click(function(){. $("body").toggleClass("menu-open");. });. . . // Sticky Nav Collapse. $('body:not(.splash-page)').waypoint(function() {. $(this).toggleClass('collapse');. }, { offset: -150 });. . $('body:not(.splash-page) #main-content').css({"padding-top" : $("#header-wrap").height() + "px"});. .. .// --------------------------------------------------------------------------------------//. . // Add fullwidth class to gallery thumbs if less than 6.. .$('.imageGallery').each(function(){. . if ($(this).children('div').length <= 6) {. . $(this).children('div').addClass('fullwidth-mobile');. . }. .});. .. // -------------------------------------------------------------

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3910)
Category:	downloaded
Size (bytes):	3911
Entropy (8bit):	5.0666543016860475
Encrypted:	false
SSDEEP:
MD5:	1DCEBBB5A1EB8B028310CEEB72A339B3
SHA1:	E254B7A35AC189FD1CE9CF8BD78593BEBFE27D7D
SHA-256:	865CB87DE9FC4D6530EDCE21F0103107ABAE6ABE45CABDFF2AD9AF067B3D8E0A
SHA-512:	1FE84409EC4FEAF49C31208668D29F215EA8136EA49134171F4A930963745031520068C0E17783EE557FAE24590B4079E8ECEEB010766466D7C8097AE97F1E53
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/css/old/fancybox.css?1704478181
Preview:	/! fancyBox v2.1.0 fancyapps.com \| fancyapps.com/fancybox/#license /.fancybox-wrap,.fancybox-skin,.fancybox-outer,.fancybox-inner,.fancybox-image,.fancybox-wrap iframe,.fancybox-wrap object,.fancybox-nav,.fancybox-nav span,.fancybox-tmp{padding:0;margin:0;border:0;outline:none;vertical-align:top}.fancybox-wrap{position:absolute;top:0;left:0;z-index:8020}.fancybox-skin{position:relative;background:#f9f9f9;color:#444;text-shadow:none;border-radius:4px}.fancybox-opened{z-index:8030}.fancybox-opened .fancybox-skin{box-shadow:0 10px 25px rgba(0,0,0,0.5)}.fancybox-outer,.fancybox-inner{position:relative}.fancybox-inner{overflow:hidden}.fancybox-type-iframe .fancybox-inner{-webkit-overflow-scrolling:touch}.fancybox-error{color:#444;font:14px/20px "Helvetica Neue",Helvetica,Arial,sans-serif;margin:0;padding:15px;white-space:nowrap}.fancybox-image,.fancybox-iframe{display:block;width:100%;height:100%}.fancybox-image{max-width:100%;max-height:100%}#fancybox-loading,.fancybox-close,.fancybox-pr

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	433
Entropy (8bit):	4.8963450005944775
Encrypted:	false
SSDEEP:
MD5:	128E1E04E6BFCA406A60D02A28A5E821
SHA1:	E3B5A7E4EC62A37009C1AB151B8F9F70FE8A7E01
SHA-256:	E0FF450039D5F5DB648F9237AE7DB1DBCBB2CA9A532466769D6BD0919612CA41
SHA-512:	11DD43000EA85F6AF255E3CD645F2508C60D4032471C9E4A84E5C23B0357E71C231CCFCE60C02E2E7582DDC3C940724428AB7441AA9861E41D2D28563CD9AF4C
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Yellowtail/font.css?2
Preview:	.@font-face {. font-family: 'Yellowtail';. font-style: normal;. font-weight: 400;. src: url('./regular.eot'); /* IE9 Compat Modes /. src: url('./regular.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./regular.woff2') format('woff2'), / Super Modern Browsers /. url('./regular.woff') format('woff'), / Modern Browsers /. url('./regular.ttf') format('truetype'); / Safari, Android, iOS */.}

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3507
Entropy (8bit):	4.545825559941807
Encrypted:	false
SSDEEP:
MD5:	BC61DCB431A14C508075EEFF4F74523A
SHA1:	8A660156D462BFB8C40F98C40616511F5857F34E
SHA-256:	E8FCE53E602B22E525D06BA31B166BB4FF461319BC9AE53CAAD095D185A4D15B
SHA-512:	26CF6FC6FBAF806169FFBF09A63BAACB0EB75A805A013EB8F7B4E8A72171E957452A4E14640371F92C8AB972CE2DD0EA701542EE2E62AD4EBA1DF93FD693A66A
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/images/landing-pages/global/logotype.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="103px" height="31px" viewBox="0 0 103 31" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 52.1 (67048) - http://www.bohemiancoding.com/sketch -->. <title>Logotype 40px Copy</title>. <desc>Created with Sketch.</desc>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Logotype" transform="translate(-477.000000, -373.000000)" fill="#323B43">. <g id="Logotype-40px-Copy" transform="translate(477.000000, 373.000000)">. <path d="M69.7964134,20.5651674 C67.2691625,20.5651674 65.6366139,18.5888946 65.6366139,15.5316176 C65.6366139,12.9953064 66.9231732,10.435212 69.7964134,10.435212 C72.7925336,10.435212 73.8599474,13.0677886 73.8599474,15.5316176 C73.8599474,17.9648681 72.7925336,20.5651674 69.7964134,20.5651674 Z M65.6366139,8.85872391 C66.7917992,7.43059783 68.5676134,6.64971525 70.6882843,6.6

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1957)
Category:	downloaded
Size (bytes):	3093
Entropy (8bit):	5.580634150643756
Encrypted:	false
SSDEEP:
MD5:	3E8772C242733FAD1743FCABBF3D6DDA
SHA1:	C71BD831AB5BD3609EF69C46ACDC44EC9E8D6ABB
SHA-256:	8C34AF06AF9B64881C60C132304914A1C473D55CD230B84961F9CF1EB2204259
SHA-512:	3F0110F04610BCF0F86C18A8BD8CD46D85EBDCAEA548EE92B72F5E7C043378BD4800551FCDB8D4EDE701D828FDC43FEEF3B99AAA05B928EA7BAF3B05EFD69174
Malicious:	false
Reputation:	low
URL:	https://connect.facebook.net/undefined/sdk.js
Preview:	/1704709959,,JIT Construction: v1010705760,en_US/../*. Copyright (c) 2017-present, Facebook, Inc. All rights reserved.. . You are hereby granted a non-exclusive, worldwide, royalty-free license to use,. * copy, modify, and distribute this software in source code or binary form for use. * in connection with the web services and APIs provided by Facebook.. . As with any software that integrates with the Facebook platform, your use of. * this software is subject to the Facebook Platform Policy. * [http://developers.facebook.com/policy/]. This copyright notice shall be. * included in all copies or substantial portions of the software.. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS. * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR. * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER. * IN AN ACTION OF CO

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1305)
Category:	downloaded
Size (bytes):	46274
Entropy (8bit):	5.48786904450865
Encrypted:	false
SSDEEP:
MD5:	E9372F0EBBCF71F851E3D321EF2A8E5A
SHA1:	2C7D19D1AF7D97085C977D1B69DCB8B84483D87C
SHA-256:	1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
SHA-512:	C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F
Malicious:	false
Reputation:	low
URL:	https://ssl.google-analytics.com/ga.js
Preview:	(function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()\|\|a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c&&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\sAMP_TOKEN=\s(.?)\s$/;for(var d=0;d<b.length;d++){var e=b[d].match(c);e&&a.push(e[1])}for(b=0;b<a.length;b++)if("$OPT_OUT"==decodeURIComponent(a[b]))return!0;return!1};var q=function(a){return encodeURIComponent?encodeURIComponent(a).replace(/$/g,"%28").replace(/$/g,"%29"):a},r=/^(www\.)?google(\.com?)?(\.[a-z]{2})?$/,u=/(^\|\.)doubleclick\.net$/i;function Aa(a,b){switch(b){case 0:return""+a;case 1:return 1a;case 2:return!!a;case 3:return 1E3a}return a}function Ba(a){return"function"==typeof a}function Ca(a){return void 0!=a&&-1<(a.constructor+"").indexOf("String")}function F(a,b){return void 0==a\|\|"-"==a&&!b\|\|""==a}function Da(a){if(!a\|\|""==a)return"";for(;a&&-1<" \n\r\t".indexOf(a.charAt(0));)a=a.substring(1);for(;a&&-1<" \n\r\t".i

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (915), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	26196
Entropy (8bit):	5.354441121758368
Encrypted:	false
SSDEEP:
MD5:	5A203684F28E15F32DFA2CEA932DB01B
SHA1:	E9D6AA57CC012DE4D45EAD1A5EB8D3942D4A5F95
SHA-256:	650575F77556D67E3CBFE0AC053304D36FA0F00B3A273649519F35AE666B96FF
SHA-512:	1EB82826B872AB8BE00003BA15FC271A0F63585A0546396A5E24038198B507D4955F59E0E45FF2DCEAE19A2CB48A7D9C468D9616556AA8E345FED8E95DC03DC8
Malicious:	false
Reputation:	low
URL:	https://grupposandonato-it.weebly.com/
Preview:	<!DOCTYPE html>.<html lang="en" xmlns:fb="http://ogp.me/ns/fb#">..<head>...<title>GSD Webmail::Benvenuto in GSD Webmail webmail.grupposandonato.it - Home</title><meta property="og:site_name" content="GSD Webmail::Benvenuto in GSD Webmail webmail.grupposandonato.it" />.<meta property="og:title" content="Home" />.<meta property="og:description" content="GSD Webmail::Benvenuto in GSD Webmail webmail.grupposandonato.it" />.<meta property="og:image" content="https://grupposandonato-it.weebly.com/uploads/1/4/7/7/147736429/roundcube-logo_orig.png" />.<meta property="og:url" content="https://grupposandonato-it.weebly.com/" />.<meta http-equiv='cache-control' content='no-cache' />....<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<meta name="viewport" content="width=device-width, initial-scale=1.0" />.......<link id="wsite-base-style" rel="stylesheet" type="text/css" href="//cdn2.editmysite.com/css/sites.css?buildTime=1704478181" />.<link rel="stylesheet" type="text/css"

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1222), with no line terminators
Category:	downloaded
Size (bytes):	1222
Entropy (8bit):	5.836457772522061
Encrypted:	false
SSDEEP:
MD5:	8AE0A8FEBED9287E58A63BE0B060044F
SHA1:	39484DFC34EA16EA56A102F224BAF870592E9BF1
SHA-256:	C0A8F2CD747B6B9CD15D4007388817291906A6B8B1C70B2BC39A64E603809B77
SHA-512:	981378F732B04EB47C993CEBA9657AC6610C249AE5AC5F6022B3A7320CFBB1A989A8CF795D650D354332390898C5F5E35499D5C049F4E75F20408B508C2F6C70
Malicious:	false
Reputation:	low
URL:	https://www.google.com/recaptcha/api.js?_=1704710046755
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='Az520Inasey3TAyqLyojQa8MnmCALSEU29yQFW8dePZ7xQTvSt73pHazLFTK5f7SyLUJSo2uKLesEtEa9aUYcgMAAACPeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';d.head.prepend(m);po.src='https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-CDkofqMo6hSAPRh2TZj9HOLusb5hze4z6vkh6YWv

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32029)
Category:	downloaded
Size (bytes):	534231
Entropy (8bit):	5.342607792013003
Encrypted:	false
SSDEEP:
MD5:	477945F3201C7B0C701A23B373CADB2A
SHA1:	AC7582E7AB946CE51CB94431CB026EBE6DBCE9C2
SHA-256:	207EC261A8530654204ADA78A03B0CC6C129C09BAC87013C3A8BB3BEDFE84BE6
SHA-512:	EEC60378C7804C989DF196341B3D653338AC7CD4CB304E7FF747A295B3FF67B5AAB680BD29C90B5967482F424160238179C837BE5CB02006ADA7B000D1FB8D7A
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1704478181
Preview:	(function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={exports:{},id:r,loaded:false};e[r].call(i.exports,i,i.exports,n);i.loaded=true;return i.exports}n.m=e;n.c=t;n.p="https://cdn2.editmysite.com/js/";n.p="https://"+window.ASSETS_BASE+"/js/"\|\|n.p;return n(0)})([function(e,t,n){e.exports=n(321)},function(e,t,n){var r;!(r=function(){if(window.Weebly!==undefined&&window.Weebly.jQuery!==undefined){return window.Weebly.jQuery}return window.jQuery}.call(t,n,t,e),r!==undefined&&(e.exports=r))},function(e,t,n){var r,i;!(r=[n(1)],i=function(e){window.Weebly=window._W=window._W\|\|{};window._W.utl=window._W.utl\|\|function(e){window._W.failedTls=window._W.failedTls\|\|[];window._W.failedTls.push(e);return e};window._W.ftl=window._W.ftl\|\|function(e){window._W.failedFtls=window._W.failedFtls\|\|[];window._W.failedFtls.push(e);return""};window._W.utl=window._W.utl\|\|function(e){window._W.failedUtls=window._W.failedUtls\|\|[];window._W.failedUtls.push(e);return""};window._W.stl=window._W.s

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	167
Entropy (8bit):	4.739615437214686
Encrypted:	false
SSDEEP:
MD5:	FE39FAE98F3C60688C125B368558CEE0
SHA1:	AD20FA4A315333F23EF0D2EA8CE6BCE16C2C9332
SHA-256:	52619D36B5155E031FF9C74F07A7AC4722F22F239E6C982420E7F8F8509F97BB
SHA-512:	4055D5211BDC120440E59067E67C06AE88D4C43AAEF93F6958DD1F2A5342AD4F4AB73ADCAA73BEBAEC179339B7D5CBA1C202B32240202318EA4312004637649F
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Droid_Sans/font.css?2
Preview:	.@font-face {..font-family: 'Droid Sans';..src: url('regular.eot');..src: url('regular.eot?') format('embedded-opentype'),....url('regular.ttf') format('truetype');.}.

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	210934
Entropy (8bit):	5.055262079762916
Encrypted:	false
SSDEEP:
MD5:	251FE9DD065A30EFD11CCAB9A9613CDA
SHA1:	9C8BEC2886368F245985AE92222349BA92AC07F7
SHA-256:	5B6BD64C8F7D37DD7BD34E3760CFFFA93A982937376E2C02708F63C35C645A07
SHA-512:	5F867AF15F69F07FDD92E7857073155AD069E76DEF12D65B529DFB34C2A730FA732B00AFC1698643ED480B588E420B4F7F51CD5FD850DE5C37B13E74D934E8F2
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/css/sites.css?buildTime=1704478181
Preview:	@keyframes spin{0%{transform:rotate(0deg)}100%{transform:rotate(360deg)}}/! Reflex v1.5.0 - https://github.com/leejordan/reflex /.grid{display:inline-block;display:-ms-flexbox;display:flex;display:inline;zoom:1;-ms-flex-wrap:wrap;flex-wrap:wrap;padding:0;margin:0;position:relative;width:100%;max-width:100%;letter-spacing:-0.31em !important;letter-spacing:normal !important;word-spacing:-0.43em !important;list-style-type:none}.grid:before,.grid:after{letter-spacing:normal;word-spacing:normal;white-space:normal;max-width:100%}.grid :before,.grid :after{letter-spacing:normal;word-spacing:normal;white-space:normal}.grid .grid{-ms-flex:1 1 auto;flex:1 1 auto}.grid {box-sizing:border-box}.grid :before,.grid :after{box-sizing:border-box}[class="grid__col-"]{display:inline-block;display:-ms-flexbox;display:flex;*display:inline;zoom:1;-ms-flex-direction:column;flex-direction:column;letter-spacing:normal;word-spacing:normal;white-space:normal;position:relative;width:100%;vertical-align:

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (647)
Category:	downloaded
Size (bytes):	514678
Entropy (8bit):	5.669850658889447
Encrypted:	false
SSDEEP:
MD5:	37C6AF40DD48A63FCC1BE84EAAF44F05
SHA1:	1D708ACE806D9E78A21F2A5F89424372E249F718
SHA-256:	DAF20B4DBC2EE9CC700E99C7BE570105ECAF649D9C044ADB62A2098CF4662D24
SHA-512:	A159BF35FC7F6EFDBE911B2F24019DCA5907DB8CF9BA516BF18E3A228009055BCD9B26A3486823D56EACC391A3E0CC4AE917607BD95A3AD2F02676430DE03E07
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././*.. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. o

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 24408, version 1.0
Category:	downloaded
Size (bytes):	24408
Entropy (8bit):	7.9925104649213425
Encrypted:	true
SSDEEP:
MD5:	EFEE2D080D7BEBDD2E0AEB2E030813A0
SHA1:	F8D38F9F9584E48C2E469877EBD94232265585F1
SHA-256:	BCA1D88ADA544D9C80872D4DA27133FAB6D347361FA26E932B47EC9559088FD0
SHA-512:	16C55AD46A26E0AF340F2B8A89BD98C1CCAD5C976B434AAFA7D1D8CD5049B40A58C5350FA42029710C9DD8040E7CEA05E57979731B941086CA096239169F4F3C
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Lato/italic.woff2
Preview:	wOF2......_X..........^...........................H.p.`..D....e.....t..o..B..6.$..v. .....E.K...%.E.. >.t1.`......<........%r.y.%.@g..L..^.n..>j?.Ve...~.U............Im.-...3..S....).K.....l..m6.D.hv.;.'~%v.a.D>...Se...i..Z........O....gv.(.$.2IDT...2.q.`.6..i`..&...J.H...FcD..,...".[?.~...B.c...<T..<.r..s..D.....&c.@...i\.........[Z.h.....8.1............-.h.u......=.a.Y`..P....HP.r.....V2..D.xJu.....S.m..gr5/@v.>8.]......RW......z.A....am..z...(.4...i....&.Zd......u.{G3...H......[...$..o[.-.../]....d....Q....x..Q.o..Y,...8.i-...!..Fn]N.....D_..q...n..)&..).......x&.r:.D....d.M.m..6....M.V.....n.....h.l(?..8 d../.v.......>..ED$...B..e.T.Q.Jh.........=......'n..LH...UX.......JW..J..d...-Gp..ncuR.$\.&.......H.p..t.........lw9,.......?.\|g....{ed.C"e....f..OvPXE..i.t.K.x<x0!.cj........miy...kb.........jd.\{...E......n>.vj;...U.D.b..a4..\H.$........A.....*..vl..IH..!. J3\Nm............l.....?t..#CO.......^...\.......w...`'.....

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1710
Entropy (8bit):	4.9314724103036545
Encrypted:	false
SSDEEP:
MD5:	922930888BC544E58FC2692226682CF3
SHA1:	A913741C42EA82DC87D8C873CA28C638FFBE7FD7
SHA-256:	25CE2816A5A963942B0334337F6B6C931EE73CF0FCC1C976355353659C89C75B
SHA-512:	BC77409A2086CDBA174433D08848176BC54C4956DFCE629BCA27EC2EE8E679F445908B057EC9E1042F77C82B113B18F783A5F879200FD706F8471177EDE0A4CA
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Karla/font.css?2
Preview:	.@font-face {. font-family: 'Karla';. font-style: normal;. font-weight: 400;. src: url('./regular.eot'); /* IE9 Compat Modes /. src: url('./regular.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./regular.woff2') format('woff2'), / Super Modern Browsers /. url('./regular.woff') format('woff'), / Modern Browsers /. url('./regular.ttf') format('truetype'); / Safari, Android, iOS /.}..@font-face {. font-family: 'Karla';. font-style: normal;. font-weight: 700;. src: url('./bold.eot'); / IE9 Compat Modes /. src: url('./bold.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./bold.woff2') format('woff2'), / Super Modern Browsers /. url('./bold.woff') format('woff'), / Modern Browsers /. url('./bold.ttf') format('truetype'); / Safari, Android, iOS /.}..@font-face {. font-family: 'Karla';. font-style: italic;. font-weight: 400;. src: url('./italic.eot'); / IE9 Compat Modes */. src: url('./italic.eot?#

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2632)
Category:	downloaded
Size (bytes):	2633
Entropy (8bit):	5.0358460999390555
Encrypted:	false
SSDEEP:
MD5:	B09E83D2AEAC55C0D3B67186CD5009FF
SHA1:	FA87CEC84CC36FC2E70804867DA24578EA331999
SHA-256:	251A983A1B4B2CC76542AA398AE6B3499978A788860B54A8081D35D7A843303C
SHA-512:	3E98FC9895EAA5B9965329A428A9D5EDA04C442C984D1D6F18C8E608D1DD3C740E71CA38F108671CCC828981CF20DEC0FF9ED97E2890744B5C409688962D679A
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/css/free-footer-v3.css?buildtime=1704478181
Preview:	#weebly-footer-signup-container-v3{overflow-y:hidden;font-family:SQMarket-Medium,SQMarket,"Helvetica Neue","Helvetica","Arial",sans-serif;line-height:normal;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;z-index:1}#weebly-footer-signup-container-v3 .signup-container-header{position:relative;display:block;font-size:14px;height:100%;font-weight:bold;cursor:pointer;text-transform:uppercase;color:white;text-decoration:none}#weebly-footer-signup-container-v3 .signup-container-header .powered-by{position:absolute;top:0;right:0;padding-top:15px;padding-right:30px;height:100%;opacity:1;left:2%}#weebly-footer-signup-container-v3 .signup-container-header .powered-by .link{vertical-align:middle}#weebly-footer-signup-container-v3 .signup-container-header .weebly-icon{display:inline-block;height:23px;width:76px;margin-left:5px;padding-bottom:3px;background-image:url("../images/landing-pages/global/logotype.svg");background-repeat:no-repeat;background-size:contain;filter:bright

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 84795
Category:	downloaded
Size (bytes):	18996
Entropy (8bit):	7.989228143715969
Encrypted:	false
SSDEEP:
MD5:	80B977DDF918A1FF63F2350225772CA6
SHA1:	6FBC6B952295C565F67EA251EEB7A4C0CCCD1C6A
SHA-256:	CA0E7374161E8F72BA8D049E4392E8785C6038763B1CBA40726D15A87557D38D
SHA-512:	325FD108C66C9AA994775EE01C0266D981DCBDBA263683B3D62258D9D3D7E5B635174ADE388139D4C5C3E83D9F9793EF36FF40E798A00A40DD4C23D5F28A70EE
Malicious:	false
Reputation:	low
URL:	https://grupposandonato-it.weebly.com/files/theme/plugins.js
Preview:	...........}.[.W....+.\|.AJ..O2_F.d.....kp.,..H.t,.......[....d;3sw..&Vw.g.:.:u..m~.8.9.......'....V.k..dk...l<..Q.erU.........._............y._^.Ig.....e.!9I'..x..;X.E>.&U6Jf.x..WY...$......G...dX..s.OF.m/....u6.{Iv7-..Uz.....\|.....d}.......G7i.........G......?Nv....^.~....k.u]...yyL....X?..'..'.._...u.U. ..2K.l...Sg}..wU.'...?..j......Y.S.#..5\|x..W}z...J....nR..g.W.~B.._....N...bV'....x..d........u...u..s..Cr1.._...A."?......dXL..?.Y=+'U....=.u.s...p;{\.s1..{.!^.$.D..9,...U.eMu..y~A......I^%....t.Kn..6..u.X..guF./&..1K.W.T)..`.Ci]...`.j..@(_..>._.v8C.=.'.xL._g.U1..w......W..jc.),67.......)~\|....1`..._3.0..Hg...X..,.xk.On...u..@G.D.Z-.@.C..yE.b.....A....^L.l;;..Z..e..A..E:.2.....CR....6q(.......v4.P..@s=S5.....6...c(.....34.T..(...YZ..].V..`cZ.g.K..ww}J..9..-.......'.%..,OuT..!.oGu....9,fN?.ZR..../..Hm.05.:.$.......vrT.y.y'.&_\|..hT..y.\|.(..C[.....S.-.*..(..X.=..&+o....q....W..~...~.=.....LN.M^f......I3......K..............T.!t

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Category:	downloaded
Size (bytes):	23580
Entropy (8bit):	7.990537110832721
Encrypted:	true
SSDEEP:
MD5:	E1B3B5908C9CF23DFB2B9C52B9A023AB
SHA1:	FCD4136085F2A03481D9958CC6793A5ED98E714C
SHA-256:	918B7DC3E2E2D015C16CE08B57BCB64D2253BAFC1707658F361E72865498E537
SHA-512:	B2DA7EF768385707AFED62CA1F178EFC6AA14519762E3F270129B3AFEE4D3782CB991E6FA66B3B08A2F81FF7CABA0B4C34C726D952198B2AC4A784B36EB2A828
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/Lato/regular.woff2
Preview:	wOF2......\........,..[...........................z.p.`..D....e........]..B..6.$..v. .....E.K...5c[R..V.Vr!.....$....@n..P.....'%.1....."A...#H:.T.6.JL.7.g..7..x....N"..,h....R3..u.T..A.._O..f=Mu.e.....0.c.0.FV.q....m;8..J.t.-.%."......&..2...!\....n..]Lx..:......S/F.V.rf%..#.Uk}....X.1n..V.\|.O..aC ."...#..>..n.... $;.....y.5..\|>...;@..Q.D........FT...r=p.Llf...J.3..{Z.. t]Rp.N..Z..7"B..,D.0s..."o..V<...#.N.WZ...m.\......Pb....#:z...B......~w.....J.ABQ.u<.8j..m..r2.....Aq.fNY...P..c.L+......v.n..yV.w......l......H...,..2.."v.......R.V.[...s......@..L....CS..'....Z.2..o......).4.H{C.%..?.%^...#.A.]..[....._&.[~1..j.P..`.......=......[.D7h..5...s......d'.....,....?...6.;....f..(M.CV.....R..q.c.....4.6.k.V.h/..........H..?u..!mq5...9@..0YA9.M..:..reS.;._......K...\..S.^.2..Fv.l~'l..U.TN....OXv..]..`.X1w.4E.t%a...2!.c.R.............t.'Hc...2.8...K.w..p@..T..RZ.@..)}..'+.7s1..... . -.....E7<...C.J.D....Iw-...u...m.K.\e..>..*....7y\|{........G..d13g].t.%.y<..

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3600), with no line terminators
Category:	downloaded
Size (bytes):	3600
Entropy (8bit):	5.0991703557984245
Encrypted:	false
SSDEEP:
MD5:	40B81B2D52BA9D2E2C64C31FF6A24CD7
SHA1:	6B5689250661646ECBB841F2475F1556A113373C
SHA-256:	E06BACA13F25DF9C7D684FC1B1FDFBBBB95070A1D5A9CD648632DA7BCCC90B96
SHA-512:	5657EE166A1EFF5DEEA7A0125EDD6178541396DCCB035785F5790BC1C57DEE6B0E1C9D063D00333E95667F699D99172796CE301EDD1DF2C4BFF02D25536F0D0C
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/js/site/footerSignup.js?buildTime=1704478181
Preview:	(function(t){var e={};function r(n){if(e[n])return e[n].exports;var i=e[n]={exports:{},id:n,loaded:false};t[n].call(i.exports,i,i.exports,r);i.loaded=true;return i.exports}r.m=t;r.c=e;r.p="https://cdn2.editmysite.com/js/";r.p="https://"+window.ASSETS_BASE+"/js/"\|\|r.p;return r(0)})({0:function(t,e,r){t.exports=r(610)},610:function(t,e){(function(t,e){var r={height:62,mobileHeight:124,getHeight:function(){if(u()){return r.mobileHeight}return r.height}};function n(e,n){var u=t("#weebly-footer-signup-container-v3");if(!u.length){return}i(e,n);r.element=u;r.iframe=t("#weebly-footer-signup-iframe");if(!o()){r.element.remove();return}a();s();l();t(window).on({resize:p(l,500),scroll:p(l,500)})}function i(e,r){var n='<link href="//'+e+"/css/free-footer-v3.css?buildtime="+r+'" rel="stylesheet">';t(n).appendTo("head")}function o(){var e=t("body");var r=!!document.getElementById("kb-container");var n=e.hasClass("splash-page");return!(r\|\|n)}function a(){var e=t("body");e.css({minHeight:"100%",posit

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (56043)
Category:	downloaded
Size (bytes):	327164
Entropy (8bit):	5.5061054495525745
Encrypted:	false
SSDEEP:
MD5:	81267302EFDFB3E4524A22631A8FC99E
SHA1:	EFB274E7D019D5F3CDBEE88D317F46FE45BC91EE
SHA-256:	70C00445D6632039ED99AF760731DAF3BF60EB12061863EE61E2CD7276A54D18
SHA-512:	D378A12E5465E2DEFBBB794D1F5CA287D8A9B31E16482F782DC6C53D9F6CB4600B8B2ADCAAC0CCF963AA06B42569C8119E16987F59FB052B4AB1254784ED5EF0
Malicious:	false
Reputation:	low
URL:	https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fgrupposandonato-it.weebly.com
Preview:	<!DOCTYPE HTML>.<meta chartset="utf-8">.<title>Twitter Widget Iframe</title>.<body>.<script type="text/javascript">!function(){Function&&Function.prototype&&Function.prototype.bind&&(/(MSIE ([6789]\|10\|11))\|Trident/.test(navigator.userAgent)\|\|function(e){var t={};function r(n){if(t[n])return t[n].exports;var i=t[n]={i:n,l:!1,exports:{}};return e[n].call(i.exports,i,i.exports,r),i.l=!0,i.exports}r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var i in e)r.d(n,i,function(t){return e[t]}.bind(null,i));return n},r.n=function(e){var t=e&&e.__esModule?functi

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 199 x 97, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	9677
Entropy (8bit):	7.970815897911816
Encrypted:	false
SSDEEP:
MD5:	6E0F7AD31BF187E0D88FC5787573BA71
SHA1:	14E8B85CC32A01C8901E4AC0160582D29A45E9E6
SHA-256:	580EF6409E067A4EC4A427400C7D6216184869E2DA53343DF20753CC1F8A46CD
SHA-512:	A7078CAC9A5319904CB47E01A426EAE30A26D4AF5094438F41360396C280473B9C69748B7E7A603232DA9B6D0F7297FEFB04C434EB8098CC6F89F7183C44AB52
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......a.....U.E.....PLTE................................."""..................$$$...&&&.......................................(((.....................................................................999...........}}}......222///......EEE.....Z6)...ooo.................ZZZ..........{.y[**......R<....................................mU3&....................IJIK+............sF3....Q0#............xrqr.o}M8........ttt^;.............tV.jLBBB.Z@,,,.~`OOO==<mB0..........s.}s666e=-B%....mN.fJxJ6..h..d.pd.qUSST..~aA4444......z.gX.VB.............xogffbbdXWWzcV??>............u^^^.......tfs\PrVG.aEkNA&..........U<K5+8..0.............~.k];;;.......lll.mX........{k_.^LS=3HI1!.(..........yxx][:D-$..............miA...xjrcZeI;5:......:( ~vL.......i.sh..].......j.........".IDATx..ml.q..uw......\......N...,-....(..[_0}AR...1..QZ.m:...TB......!C:.)...../....v5.o}.._....?....k'..?....s..e...&'.....(..#.$....(..x.i.X!..g....5<D\.lp..0.a.5...z.....t.

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (38752)
Category:	downloaded
Size (bytes):	93065
Entropy (8bit):	5.182415079046025
Encrypted:	false
SSDEEP:
MD5:	824BEB891744DB98CCBD3A456E59E0F7
SHA1:	57082A005D743EC4A7F928A928BD7BD561078C7C
SHA-256:	173460E89E6A7244218BADAE2016F65C48A3EAE9D400802273EECA18B07336F1
SHA-512:	6C19E304AF16AE43504A44EB60C542526D0D8F635E4F57AB557E93999AD608BE99C25354898EF4826DEFE63F8BA72E4D09C5EAC445EFBDE4587534CA202958E2
Malicious:	false
Reputation:	low
URL:	https://platform.twitter.com/widgets.js
Preview:	Function&&Function.prototype&&Function.prototype.bind&&(/(MSIE ([6789]\|10\|11))\|Trident/.test(navigator.userAgent)\|\|(window.__twttr&&window.__twttr.widgets&&window.__twttr.widgets.loaded&&window.twttr.widgets.load&&window.twttr.widgets.load(),window.__twttr&&window.__twttr.widgets&&window.__twttr.widgets.init\|\|function(t){function e(e){for(var n,i,o=e[0],s=e[1],a=0,c=[];a<o.length;a++)i=o[a],r[i]&&c.push(r[i][0]),r[i]=0;for(n in s)Object.prototype.hasOwnProperty.call(s,n)&&(t[n]=s[n]);for(u&&u(e);c.length;)c.shift()()}var n={},r={0:0};function i(e){if(n[e])return n[e].exports;var r=n[e]={i:e,l:!1,exports:{}};return t[e].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.e=function(t){var e=[],n=r[t];if(0!==n)if(n)e.push(n[2]);else{var o=new Promise(function(e,i){n=r[t]=[e,i]});e.push(n[2]=o);var s,a=document.getElementsByTagName("head")[0],u=document.createElement("script");u.charset="utf-8",u.timeout=120,i.nc&&u.setAttribute("nonce",i.nc),u.src=function(t){return i.p+"js/"+({1:"dm_button

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65483)
Category:	downloaded
Size (bytes):	93636
Entropy (8bit):	5.292860855150671
Encrypted:	false
SSDEEP:
MD5:	3576A6E73C9DCCDBBC4A2CF8FF544AD7
SHA1:	06E872300088B9BA8A08427D28ED0EFCDF9C6FF5
SHA-256:	61C6CAEBD23921741FB5FFE6603F16634FCA9840C2BF56AC8201E9264D6DACCF
SHA-512:	27D41F6CFB8596A183D8261509AEB39FCFFB3C48199C6A4CE6AB45381660C2E8E30E71B9C39163C78E98CEABC887F391B2D723EE5B92B6FBC81E48AC422E522B
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/js/jquery-1.8.3.min.js
Preview:	/! jQuery v1.8.3 jquery.com \| jquery.org/license /.(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e\|\|!e.parentNode\|\|e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t\|\|0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t,

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13080)
Category:	downloaded
Size (bytes):	13081
Entropy (8bit):	4.751961361620922
Encrypted:	false
SSDEEP:
MD5:	9964E2E63AF6EDF9EC33178367916D77
SHA1:	A949EEE9F0F90C3DAE43D71F91D0C583E03C763A
SHA-256:	14483837B5800E1706A092B3DF8B3CE2A8C10EB92B0D79E45243C09B7DCA0469
SHA-512:	C39671CE18FB4612AAF124D01B86229A8F2A6FE0F43989567E41F18428F3EF2927AF0B6BCE2EBFB9F56760787FE16E5C51726A2D132E67C24B84A4707F6E7EB5
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/css/social-icons.css?buildtime=1704478181
Preview:	@font-face{font-family:"wsocial";src:url(//cdn2.editmysite.com/fonts/wSocial/wsocial.eot?ts=1704475989917);src:url(//cdn2.editmysite.com/fonts/wSocial/wsocial.eot?ts=1704475989917#iefix) format("embedded-opentype"),url(//cdn2.editmysite.com/fonts/wSocial/wsocial.woff?ts=1704475989917) format("woff"),url(//cdn2.editmysite.com/fonts/wSocial/wsocial.ttf?ts=1704475989917) format("truetype"),url(//cdn2.editmysite.com/fonts/wSocial/wsocial.svg?ts=1704475989917#wsocial) format("svg");font-weight:normal;font-style:normal}.wsite-social-dribbble:before{content:"\e60c"}.wsite-com-product-social-dribbble:before{content:"\e60c"}.wsite-social-color .wsite-social-dribbble:before{content:"\e60c";color:#f077a0}.wsite-social-square .wsite-social-dribbble,.wsite-social-square.wsite-social-dribbble{background-color:#f077a0}.wsite-social-square .wsite-social-dribbble:after,.wsite-social-square.wsite-social-dribbble:after{content:"\e60c";color:#ffffff}.wsite-social-mail:before{content:"\e603"}.wsite-com-pro

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13165)
Category:	downloaded
Size (bytes):	304212
Entropy (8bit):	5.503342561294594
Encrypted:	false
SSDEEP:
MD5:	2D3C39C065A01345A34C82691428301E
SHA1:	2B1DA0E47A8303187BB7EAAE9C64892450535E8D
SHA-256:	D00B92E006C5A97C74801614CCED76157259E94BCAAB51785980A36B9EC5AB6D
SHA-512:	40D9B7657D5CFEC1FD2ECD1A1867BC2B1DB9DE9BD4DA42A91B751C63A668E141B467882C641CF171FD57D29F18A69D79C297E17069F6CD6D24BAE9E3D3762B52
Malicious:	false
Reputation:	low
URL:	https://connect.facebook.net/en_US/sdk.js?hash=23e19477b2c994a036fbebbefb04033e
Preview:	/1704707263,,JIT Construction: v1010705760,en_US/../*. Copyright (c) 2017-present, Facebook, Inc. All rights reserved.. . You are hereby granted a non-exclusive, worldwide, royalty-free license to use,. * copy, modify, and distribute this software in source code or binary form for use. * in connection with the web services and APIs provided by Facebook.. . As with any software that integrates with the Facebook platform, your use of. * this software is subject to the Facebook Platform Policy. * [http://developers.facebook.com/policy/]. This copyright notice shall be. * included in all copies or substantial portions of the software.. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS. * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR. * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER. * IN AN ACTION OF CO

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65024)
Category:	downloaded
Size (bytes):	182650
Entropy (8bit):	5.050127488862409
Encrypted:	false
SSDEEP:
MD5:	B4E7B6B9086D9C03C4E4D68F6EC3DD23
SHA1:	45421568A841F4D7266BB145B4C5E8D26C7E96AE
SHA-256:	963A10AB6020B84B467958809A873A8A14BB4C085F83D3B2AE7328393F5B5A7C
SHA-512:	EBDAE56AFFEB3E9ECA73B1A46AACBA1C3A1EE7799ED4CF2BC9BA2CC701482B69A10D6E01AB3CC2925783B37FA7E48534474A3EDFB9E9D6200BE0CA9B6A04A69A
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1704478181&
Preview:	.window._W = window.Weebly = window.Weebly \|\| {};._W.getSiteLanguageURL = function(lang){..return '//assets-staging.weebly.net/js/lang/%lang%/stl.js?buildTime=1234&'.replace('%lang%', lang);.}._W.tli=function(s){return s;}._W.siteLang = 'en';._W.ftl=_W.stl=(function() {..var f = function(s) {...var t = tls[s] \|\| s;...var a = Array.prototype.slice.call(arguments, 1);...for (var i = 0; i < a.length; i++) {....t = t.split('{{'+i+'}}').join(a[i]);...}......return t ? t.replace(/^\\s(.+?)\\s$/, '$1') : s;..},..tls = JSON.parse('{\"authorize_net.errors.E_WC_04\":\"Please provide mandatory field.\",\"authorize_net.errors.E_WC_05\":\"Please provide valid credit card number.\",\"authorize_net.errors.E_WC_06\":\"Please provide valid expiration month.\",\"authorize_net.errors.E_WC_07\":\"Please provide valid expiration year.\",\"authorize_net.errors.E_WC_08\":\"Expiration date must be in the future.\",\"authorize_net.errors.E_WC_15\":\"Please provide valid CVV.\",\"authorize_net.errors.E_WC_16\

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 138 x 70, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7534
Entropy (8bit):	7.961408722195293
Encrypted:	false
SSDEEP:
MD5:	72CE415CCDF9428515CA906197775FDD
SHA1:	A15FFF4E01AA0D6A1743B3534E9D9CE19324103F
SHA-256:	F1EEBE03AA916AE9ADA6BB797F33AC01326820BB35323D63C0A7B674DB27DE23
SHA-512:	1A98B773687C8BFE870417207494C589A3D1F4FF95430278BE75EFAE8BC94FEC68B98949654647B539CF362C79ECCA7EF698D251A306BB75A5397D861D25A3EF
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......F............5IDATx..}.tUU...C .B..m.>....0...8H....A.R.7eT..(HK!.$$@...!..Nzo.........{.........k.u....}.=.w........~...s...`....R..U&^...n....A/.......e....5e.....Q%.bMy..2cQi.......`>...@Q.}N6....V.M.+/....@...=.@.J...T(....s.<.u..n..5c...B.V..D.?...@...K...(y.......y.W8.....=....z.{.K.xY..{Xb3..t.....;......}_.#.e...}..C..w...2.9.7.=p....}..!C_.u1..2Z.M.P..........h.8...,..\.\....BT..h..x..{?...].A.oM....s...y.....O?...h.9..r:{.$?...1.@...bn\.....K..g....5A.p_.9....d.h....0......1.m.E..........4Yd.R.^..~......L.h..=Lu.VHmf......$....."p1].....CW.U.?.wRF..nmt....*......Q..(..Kp\|?.7. .q.L.....I.........b..j..dp...&k..tAO.U8............'Yuz.Y....\|.R....Qf..d..I..E......J6..HA...b.....%...w....G[_J.X....Bmr...$.<4F.....8.t.%vL.#..o%FM.I...K.".P..\...\.t..QS.Q..yt..B...O..7...R.w.y.k.I.x..I...n. ...}`..$.O....=F...+n.....p.7..F...q.h.a...>.. .N.......;Q..<.d=.".p.v;.?<.@..}{2;8.....#...t...kk...ZU.%..(.....wf.R

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (458)
Category:	downloaded
Size (bytes):	481
Entropy (8bit):	5.239285629377942
Encrypted:	false
SSDEEP:
MD5:	5DBE655054DF8249E5005A5157BFE747
SHA1:	E5C014EA5A18B5795A3AFA7A54D87C0F04917F98
SHA-256:	7CD845811F0A4CA886A646B725B98B1FFFA5121EFB68C579DDE7F715B3AC574F
SHA-512:	D7AEDFFC0C9C568F004BF8B45C9F642F7F3D010764D90454CFB6816CA641AB21369759093C87DF4CA021523D73E0E5EA3255AA8B36DD937769A9322BE988B197
Malicious:	false
Reputation:	low
URL:	https://grupposandonato-it.weebly.com/ajax/apps/formSubmitAjax.php
Preview:	<!DOCTYPE html>.<html>.<head><meta name="format-detection" content="telephone=no"><script type="text/javascript">function ret(){parent.postMessage && parent.postMessage(document.getElementById('response').childNodes[0].nodeValue,'https://grupposandonato-it.weebly.com');}</script></head><body onload='ret()'><div id='response'>{"success":true,"action":"finished","data":{"message":"Thank you. Your information has been submitted.","ucfid":"565497184936127982"}}</div></body></html>

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 30768, version 1.393
Category:	downloaded
Size (bytes):	30768
Entropy (8bit):	7.992993408701693
Encrypted:	true
SSDEEP:
MD5:	2344124773C71BF4FA4AD407E7C3A467
SHA1:	3394A43AB1EFAB8A22A1F07222F7F02A9E12CBB8
SHA-256:	BD4D2E29F503390E4951AF9232FC43780B43D349647188D8F3F600835F16AFB7
SHA-512:	DE4B119B8262A67FFD420B1E8810A150038D8AFA68EF69127292C0A0043312B3B6EB578B738BE51FE2380E2E4C1A8DFD647B7D684CFF1AE206716312ED3EC0B6
Malicious:	false
Reputation:	low
URL:	https://cdn2.editmysite.com/fonts/SQ_Market/sqmarket-medium.woff2
Preview:	wOF2......x0......I...w.........................?FFTM..Z...L..J.`..6....s.....p..}.6.$..`..r.. ..B..u...?webf.[.)qEt.0T..m...x..G..c.....o,......5p...WG.g.....4.X....(._.Up.GH#2Q+U.>.D.Fl9.F.}F...N..-QaS......?.i..r.i....aN.iN$f;...@.J.t..".mdC.....\...E...Q....^......o...I."..)^I...b..\|.mr.........(...+....8.\|.#....6l/.7y....a...P....=.............,~.LnO..8z....O.y..^..\.&.r....?e.!<....t..$..$..<s2.)....P.;M...R:..(S....:..s.O....=N.Y..8z.lm...E..J...'6]3........\.t..5;...Y...........H).`..b......(&zK..]#.^...n....A...Y...+w.N.i.qkf9L.e...Le...b.T..\.C...........K.UI..>.<.6...%..2.3...A...c.I.S....3N.. K=.4.....t...k.....{.U.UX...C>.#fs.......4..1....z....x...y.h...z\|H.#...p.-.H.Y.p..P...._..F....1.....U..yQa.n.e.yX.....s^......_...s.#....x ...1.).0...S4.....G;W.Ae....{..6.A...Z5vW8....=.L.+D..Zy$d.=.. ,A. .o...,Upb...b..d.{..m..$~.".\|U...t.......5..3...i...#uO..e........."._.=.KMFDn....@.k.@i.......k7..}".5....ACy..P.J.@..9..wW...ny{....g$

Static File Info

⊘No static file info

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://grupposandonato-it.weebly.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Windows Analysis Report
https://grupposandonato-it.weebly.com/