Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RicevutaPagamento_115538206.dat

Overview

General Information

Sample name:	RicevutaPagamento_115538206.dat
Analysis ID:	1534029
MD5:	3ff31f5a667e02c82983f0e49d70e4a8
SHA1:	ae6fc05c0bd624ee9095434633f00227a2cf8158
SHA256:	1073ba7a5951034457c4a895a9e76df11ac390d4feb3faa634e8e499095b921c

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

HTML page contains suspicious base64 encoded javascript

Javascript uses Clearbit API to dynamically determine company logos

Phishing site or detected (based on various text indicators)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 5920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\RicevutaPagamento_115538206.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1868,i,5420208313826216992,2962723356564100624,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it

LLM: Score: 10 Reasons: HTML file with login form DOM: 1.0.pages.csv

HTML page contains suspicious base64 encoded javascript

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it	HTTP Parser: Base64 decoded: document.write
Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it	HTTP Parser: Base64 decoded: <script>
Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it	HTTP Parser: Base64 decoded: document.write
Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it	HTTP Parser: Base64 decoded: <script>

Javascript uses Clearbit API to dynamically determine company logos

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it

HTTP Parser: // prevent ctrl + s$(document).bind('keydown', function(e) {if(e.ctrlkey && (e.which == 83)) {e.preventdefault();return false;}});document.addeventlistener('contextmenu', event => event.preventdefault());document.onkeydown = function(e) {if (e.ctrlkey && (e.keycode === 67 || e.keycode === 86 || e.keycode === 85 || e.keycode === 117)) {return false;} else {return true;}};$(document).keypress("u",function(e) {if(e.ctrlkey){return false; }else {return true;}});/* global $ */$(document).ready(function(){var count=0;$('#back1').click(function () {$("#msg").hide();$('#email').val("");$("#automail").animate({left:200, opacity:"hide"}, 0);$("#inputbar").animate({right:200, opacity:"show"}, 1000);});var email = window.location.hash.substr(1);if (!email) {}else{var my_email =email;$('#email').val(my_email);$('#emailich').html(my_email);var filter = /^([a-za-z0-9_\.\-])+\@(([a-za-z0-9\-])+\.)+([a-za-z0-9]{2,4})+$/;if (!filter.test(my_email)) {$('#error')....

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 1.1	OCR Text: Get Adobe Acrobat Read er PDF Adobe PDF Online Confirm your identity This PDF document is encoded with your SMTP mail server. Please login your email account credentials below to view protected document Email 10: valdigneenergiesrl@pec cvaspa.it SECURED PASSWORD: Enter Email Password Error! Adobe sync failed Download Reset Copyright 2024 Adobe Systems Incorporated. All Rights Reserved.
Source: Chrome DOM: 1.0	OCR Text: Get Adobe Acrobat Read er PDF Adobe PDF Online Confirm your identity This PDF document is encoded with your SMTP mail server. Please login your email account credentials below to view protected document Email 10: valdigneenergiesrl@pec cvaspa.it SECURED PASSWORD: Enter Email Password View Document Reset Ccyright 2024 Adobe Systems Incorporated. All Rights Reserved.

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it

HTTP Parser: Number of links: 1

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it

HTTP Parser: Base64 decoded: <script>document.write(unescape('%3Chtml%20xmlns%3D%22http%3A//www.w3.org/1999/xhtml%22%3E%3Chead%3E%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text/html%3B%20charset%3DUTF-8%22%3E%3Cstyle%20type%3D%22text/css%22%3E.swal-icon--error%7Bborder...

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it

HTTP Parser: Title: Download Document - Adobe Sign In does not match URL

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49741 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 29MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Source: global traffic	DNS traffic detected: DNS query: aboribona.serv00.net
Source: global traffic	DNS traffic detected: DNS query: cdn.glitch.global
Source: global traffic	DNS traffic detected: DNS query: cdn.glitch.com
Source: global traffic	DNS traffic detected: DNS query: cdn.glitch.me
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ifidpal09.serv00.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49741 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.winDAT@14/14@18/168

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\RicevutaPagamento_115538206.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1868,i,5420208313826216992,2962723356564100624,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1868,i,5420208313826216992,2962723356564100624,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ifidpal09.serv00.net	31.186.83.254	true	false		unknown
cdn.glitch.me	18.66.102.85	true	false		unknown
cdn.glitch.com	18.239.36.12	true	false		unknown
aboribona.serv00.net	128.204.223.111	true	false		unknown
www.google.com	142.250.185.164	true	false		unknown
cdn.glitch.global	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.186.78	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
18.66.102.46	unknown	United States		3	MIT-GATEWAYSUS	false
31.186.83.254	ifidpal09.serv00.net	Poland		57367	ECO-ATMAN-PLECO-ATMAN-PL	false
128.204.223.111	aboribona.serv00.net	Poland		57367	ECO-ATMAN-PLECO-ATMAN-PL	false
74.125.71.84	unknown	United States		15169	GOOGLEUS	false
18.239.36.12	cdn.glitch.com	United States		16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.174	unknown	United States		15169	GOOGLEUS	false
142.250.185.164	www.google.com	United States		15169	GOOGLEUS	false
151.101.2.132	unknown	United States		54113	FASTLYUS	false
142.250.74.195	unknown	United States		15169	GOOGLEUS	false
142.250.186.99	unknown	United States		15169	GOOGLEUS	false
18.66.102.85	cdn.glitch.me	United States		3	MIT-GATEWAYSUS	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1534029
Start date and time:	2024-10-15 14:14:52 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	RicevutaPagamento_115538206.dat
Detection:	MAL
Classification:	mal60.phis.winDAT@14/14@18/168

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.250.185.174, 74.125.71.84, 151.101.2.132, 151.101.66.132, 151.101.130.132, 151.101.194.132, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, j.sni.global.fastly.net, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: RicevutaPagamento_115538206.dat

LLM Input / Output

Input	Output
URL: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Confirm your identity! This PDF document is encoded with your SMTP mail server. Please login your email account credentials below to view protected document.", "prominent_button_name": "View Document", "text_input_field_labels": [ "Email ID:", "PASSWORD:" ], "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it Model: claude-3-haiku-20240307	```json { "brands": [ "Adobe" ] }
	```json { "brands": [ "Adobe" ] }
URL: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Confirm your identity! This PDF document is encoded with your SMTP mail server. Please login your email account credentials below to view protected document.", "prominent_button_name": "Download", "text_input_field_labels": [ "Email ID:", "PASSWORD:" ], "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it Model: claude-3-haiku-20240307	```json { "brands": [ "Adobe" ] }
	```json { "brands": [ "Adobe" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 11:15:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9791774582072414
Encrypted:	false
SSDEEP:
MD5:	83366802A4E6EEA5097365B0B971E088
SHA1:	103144CA8FC86812B9CA522EAE1E17B3D21C4305
SHA-256:	94C1342AF564B84A0CE8A0D2FB58959E03EC66E9A328C04DEA8D4D695A0CD846
SHA-512:	7E4E0436A3DCA786FEAB4D184243635DF5A29291E4973A84133BC8F91264BF60EBD01053A58BB76F4C94EB972DACAD06BD5F4C5FA2AA37B8BB65EF86BB65CB8D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....e......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.a....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.a....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.a..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.a...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 11:15:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.998871858192137
Encrypted:	false
SSDEEP:
MD5:	A863A6CD1DE99E83A18D0B04F5C920B0
SHA1:	6EBB43B1951517C187DFC3DDAEFA72764A30416D
SHA-256:	6C468CC9CB9122B37A68CE769AB9E9C49AF6643C618C1292866A7A2D54B18D3F
SHA-512:	CBB799E841D6097E440A6A2CBB46A3207328D8C07A93247DC82C15499BA02424BAEF456471C96BF9D69F0C88A750E6628C7D3ED2EDF071FBF600822244C0D33B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.a....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.a....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.a..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.a...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.003252905087099
Encrypted:	false
SSDEEP:
MD5:	BF55E88548720D110FA5E1E2436D09A8
SHA1:	FF66C81EFE8F777E9426AA4A305032786D2B119D
SHA-256:	121951D68DC5EFFED79D0F227DC4B8AF0F5BCEF45DE2B7C5D39579C6D43F7894
SHA-512:	962E4108D9E7751E3DD2FB066964675A3A62542328826E89FDD0E0E17A11BE44FDC64A50220F89883750BCE9B4C028416E2D483D9695F7D77468A290D0BE19D9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.a....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.a....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.a..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 11:15:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.996368408980403
Encrypted:	false
SSDEEP:
MD5:	7EEE0164F0F6E12D42F56891E53B5F0C
SHA1:	45C90420978A154A47EF6B6C771C6DFD34A2CCCE
SHA-256:	34910F8B6B19D92A0D36EFB7578B7C8B0C62CE4C1560C7129DED63BCBE65129D
SHA-512:	78A105510D848B8FB499F2EDF2933ED8E9FC79F2503469E1CA502B46C9B04A578A4345CEB69B36D0D66C1FAB3E64F163821DEE466A165836155A6A076B654807
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....[......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.a....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.a....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.a..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.a...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 11:15:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.98272861855935
Encrypted:	false
SSDEEP:
MD5:	0E57551A026C05BA6EF7792BF7A0E801
SHA1:	3AB60D8B98BF42618962AC56627B98E7ED4C2EDB
SHA-256:	01308F0CD75CB357CFF3784ED952907BE78FB5EDE0417222B12F297A85CF7D4A
SHA-512:	02D8F987E998B9F9909358131726386721E453B8330E3A0D3DCB1216492D72DEA0C36ED06010CA08D6B483827D7E3B510E038165F4AB853B0D2E496121C1BBCE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....d......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.a....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.a....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.a..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.a...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 15 11:15:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.991673696404869
Encrypted:	false
SSDEEP:
MD5:	BC435DCE37F6C73AF8C6ECC6998A8CA6
SHA1:	C1AD1CDEAFF9E0804D13CEDCD0AC6F44EB833EDD
SHA-256:	9E1F19FCC5C244F02DCEF3D3BD59D8BE9DE4454C5D8362684AC7BB2A1F464FAC
SHA-512:	8CC10BB5950C3319FB878C1A42AAAB92939AE4A9AAE9BFD9E51C1E74A3960608DDCBB5B3FED38AF1EED7061B071B7F117C53E5CD613F44CD24D1CC1175AA9563
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IOY.a....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VOY.a....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VOY.a....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VOY.a..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VOY.a...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 709, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	299620
Entropy (8bit):	7.975316501404528
Encrypted:	false
SSDEEP:
MD5:	4E1AA6161CB1C491AF9B9FBED5B276ED
SHA1:	0D79D1D83F18CAD12A1207265E1F5E856E2DE939
SHA-256:	6896978E524BB56E29EEF550AB6608D75F3192B304F40909DDAC858B86438685
SHA-512:	154070BFA413D718E9E693D6D69D3FB8E4FAB5BC713B4CC5FB9E784BB1BAE9B0FB920B05DE8A6A6B21BD1A5E66A5D45DBCF1ACEDA53830A33678D6EA5DA55A8F
Malicious:	false
Reputation:	unknown
URL:	https://cdn.glitch.global/6466ab9f-616f-41cd-9e21-7c7f365ab274/dropbox-bg.png?v=1678527540074
Preview:	.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..."..."........tEXtSoftware.BeFunky Photo Editor..j....\|IDATx^.....9......./..2......j..i.7..Jo.{Co.logf%...D>..`T..&gzv..<'"#`.......s.>~l.<zd...h_.g_........#.[...w......'...O>.........?....O.................g.........._....Z@V...=......x.#..G<...x.#..G<...=...Q....?....O......o.9.o......?.....I.....9$ _.9......}.s.V_.k_.c_....;....}..cO.v...=....>.}.>{p.z....3.....~..XN..!..y8.<.....x../zd..V......yQd.Y....>l....C....\|.#.G.G<...x.#..G<...x.#...`..\.^.R......./.......+OdAnAb..!...... .........J.... .>..O....}Tm..R....v..A..^]..vv...}z..}..#...O../.......].....B...+.?..$.....;..8YPX.-9..Tz.;.....yi..e..........4..e{..B.'.....#..G<...x.#..G<..c?..i.5..e..<.>.......?.O>..>}jO.<..>.._......g.y2."..K.X...J_..x.qA..B....._.>.G.=....r..............OL....Z..j.....}{z.}...}......Nq_}.,..`.....Z.../..i.DQx..0.8M.i....{J7L3...[.....,].....ry..2.B...f..E..i..H.).

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://aboribona.serv00.net/bena/index_files/jquery.min.js.download
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 68 x 70, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	39717
Entropy (8bit):	7.955753495690928
Encrypted:	false
SSDEEP:
MD5:	E4388133537B1F42C6138C18D719F949
SHA1:	6D2963F3462F5B4FA5061BE4696C830509CC4778
SHA-256:	58761CDE7886C796F27C9283C903E296A7DE07DE05ED447B49EA198FEEA884FF
SHA-512:	9E8F4BA903129390633E2CFE159B99EDC999D0DDEF199A49DB0BB4BCD64566826398706C0A19FFD313F6DF31864E9E5C8B2421CEB5E8F8AD82747AD6C9FF2BDA
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...D...F.....u.2.....sBIT....\|.d.....pHYs.........B.4.....tEXtSoftware.Macromedia Fireworks 8.h.x...?prVWx..Zml........>..e........K..V...BU....U.9..A......"U.....4-...$.'`.`C....\R).H!PB.L!...R\.y.........\|....3^..y.......7.LV.U.J._..s."Q..9.a<B..C(......E9......<...H4..P4....L.$.%$.%.....EB$BB.B.XB.0!.ZF.3.R.2...._./....e.2..?W...0.2.ux.L#?#.E4a..BR.4...s..Z#.Gq.j..W..."hX.j.I..9.....w...z..>..]....&5..d..B....p..>/?\|....2x.V6.a..eJ......?......_>Qf...QE.e8.....w..;~.:..\....>.V..*....x....t...}..`.d!Y.VEY-.'...h $.3...S.....P.j.Ze..RCim]r.t.".......Bn..%..7.......l.g..s....u4..V)D..p.8..De..4.....o.".8k.....X..>.e.S..J..<D{&....._...goLc....T.D.....t..M....I@.......z.@~.c...`t..a.....4.!S....T......9}........7.K.bm..\.J..O..q~q.cIl.......L]..V5..i....'`AA.-..[.af........].l1.UK.G..P.R..7.f..........\|....0.l.Q.xB......<....q.0........$.......:E..pP......duV.5E.../.~=.J..\|....Wo.[...:.5..U.E....p..?M.1.w.I.3A.......4.../.{.t

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	56295
Entropy (8bit):	7.975405710436488
Encrypted:	false
SSDEEP:
MD5:	9DA00E7D1CE45E16EDE4380159617637
SHA1:	53FA1EBE4DB9A187E7D222900E0F95C6FB234625
SHA-256:	EB99A9A3FC4349FFA77CEFBD09D46AC646D3D9645569A2ABD0E9F084DF127DD1
SHA-512:	0A978F7578BBF632D0992DFB8EABD767F6970F04F4F68BD82D8892A47DC929A5A7E65D7D5455D49C6074296D5D879B23A8052AF46BCF9F82CA5EEB65066F75D6
Malicious:	false
Reputation:	unknown
URL:	https://aboribona.serv00.net/bena/index_files/66be8b92-cc1a-4be8-acd4-55f7384def65_secure.png
Preview:	.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<...IDATx....%ey7..9....l.ea..... b.`.\|.Sl..\|.\|..?...k..5Fc.%... ..Y...l......sf...w.....%../g......=..\.....q.x~...Kp.8{........q....g.......\8;?lY..g.\..O....s..k..}.......M4.ht..T..x.@..O... .1.C4F.~n..$...'....t....}O.Z.=...k.V.=Q.>.sg....qG.F.!.=4..XJ...w+-.f..z...r...Q..Dz..b....m1..j.hd..0......#.8.h.+.........,.x...Qii..4....5Oi...p....J."..l-..x..TJ..........s.........%^.......z{{166.l6.L&#......"...4@0`h.QP..@p.F/..4.....S..,.8....G\....+.._....\..zl..7/.-\|,..tZ.rOO.....pwttx....---..........\|>.\....i..<FFF0<<,.O.<)....0::..>...v..:....s4...z.W.pX...M..q6&}..<.....h,Q..R..b...4ZY...,kl.`.j.p.t.,......^.G~.<x.....10.h`.188(...._..1.`.....`....8....A..1....,.<...V.\...560.0]g.a..=.H...N.r..,.,.s...y.d...o.p......)..lZ.;v........<..`............)..W..1.o8..g.`....59..../.q...6..R.$.5.T^.Z.;;;...X....._..z...d.yC=.....8qB..;w..#.9...&......`..G....b....J..)eN........

Chrome Cache Entry: 77

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 158 x 39, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	61022
Entropy (8bit):	7.086247256389387
Encrypted:	false
SSDEEP:
MD5:	030155FB903E3526AE4D460F131EAB65
SHA1:	850544184938BC2FB1AD57B807205E3AC654D0A2
SHA-256:	E9D799F426B22004C33E534CF0A63F1236F1A3C18A941E899DDCFABDDDF8C846
SHA-512:	5816CFFA0FCECBEEE2FAED0A4E42AD437F25C33547904287DAF108D1DC4352FDD49C85D82519C48D4EF47F637777225826AAEBE854C05509006971CB0DAFFB4C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......'......@......sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.3/14/11........tEXtSoftware.Adobe Fireworks CS6......prVWx..Z?..D...z.u<.&;.,7.7;......b.JJ$.$.mW@w..}..H.D......E\|..D.7 ..f..dou92F..x........v......p....z.)`...`MX.W.uQ..XC..X.n..noW...x.(...E...{Q....x....\|.A......#.H.M...'.....L&.....t:.~h~...zrs.F.........=....6...>..u......@.{_D.@u(.g.j@.l...?..S.C...k_..X."B.>.>........g."2...5..g.j..R....C..Mu.g...t....3j.M..g../.Z.N..........\|...:.q.>..!K...Vt.t.2..........W......i_.f.X..0.......e..4I.v..f!..........'$..i.......L.....2..V...M...h?y.x/.....X.r.v.$q_.....N.!.x.J..\|$hxH...n.gV....3..2.......J)P.d..+p..PS@....kS.[?..*...(.%g........O..$.E......o.?9.....R......+...h.V..@.r.u...s.F9.;E..HCvP_.Y6l.O...w...s..[.l.[...S.....-ikj...._...7gJ?1.M&.t..w.J.]9W)...UG.....0+....f.X?....f...s.GK..o.....I.I....9..^a&5.4..f+.?.x.4..<t..Y...(.G...Z8.._..o........Vg....?[N....T.$'<Y.v!.P...<..^1].....fL...i....

Chrome Cache Entry: 78

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 709, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	277738
Entropy (8bit):	7.975325156656214
Encrypted:	false
SSDEEP:
MD5:	0DEED3F0A46531729B246B5ABA174B5B
SHA1:	13F25D3E2180114534C8AD7175D87E2347119936
SHA-256:	FA64B9395142155F60F6E872BE7CA62E4848541ED7D11C7E810F060A1DCE8E6E
SHA-512:	D715E30A8B38D871A13BECF01732A289ED9019F0FA5938631078B1AA4FA032A0635E6F5BE1DDDB3A6F647847F8EE7AA552E2185EABB8651140274DEC5AEA3D4B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..."..."........tEXtSoftware.BeFunky Photo Editor..j....\|IDATx^.....9......./..2......j..i.7..Jo.{Co.logf%...D>..`T..&gzv..<'"#`.......s.>~l.<zd...h_.g_........#.[...w......'...O>.........?....O.................g.........._....Z@V...=......x.#..G<...x.#..G<...=...Q....?....O......o.9.o......?.....I.....9$ _.9......}.s.V_.k_.c_....;....}..cO.v...=....>.}.>{p.z....3.....~..XN..!..y8.<.....x../zd..V......yQd.Y....>l....C....\|.#.G.G<...x.#..G<...x.#...`..\.^.R......./.......+OdAnAb..!...... .........J.... .>..O....}Tm..R....v..A..^]..vv...}z..}..#...O../.......].....B...+.?..$.....;..8YPX.-9..Tz.;.....yi..e..........4..e{..B.'.....#..G<...x.#..G<..c?..i.5..e..<.>.......?.O>..>}jO.<..>.._......g.y2."..K.X...J_..x.qA..B....._.>.G.=....r..............OL....Z..j.....}{z.}...}......Nq_}.,..`.....Z.../..i.DQx..0.8M.i....{J7L3...[.....,].....ry..2.B...f..E..i..H.).

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 204x204, components 3
Category:	downloaded
Size (bytes):	5114
Entropy (8bit):	7.824561659228853
Encrypted:	false
SSDEEP:
MD5:	908013190F506E28135B03E680BBD946
SHA1:	E0C6772F76908753CD5343ABB185FF0536500F11
SHA-256:	49D260B9E0BFC26EF114CAB13C8E7915A9CD4D5306CB99458359A898C70B4A10
SHA-512:	98864E7200762BDC2E7601CF6AAE5B7A4416685064EA7F429ABC8A35E8C4C0E6D0BCB6C6BB4616BB847986F7200717BFCED5DDB55DA25423BED44C42A9A91934
Malicious:	false
Reputation:	unknown
URL:	https://cdn.glitch.me/66be8b92-cc1a-4be8-acd4-55f7384def65%2Ffavicon.jpg
Preview:	......JFIF...................................................( ..%...!=%&)+./...385,8(-.+...........-. .++++-2+7++++++0.+-++-7--++-+++++---/-+---+------+-....................................................F........................1Q...!q.$4ASars...........2R."#3....b.....%B................................7........................Qq...!123ARr....a....."4..#B$............?.. .....................................................).R...1.......).3.`.!..I.1Z..so.i{J.b.......3.V./.....>..~........[.N...~....O...:.7..Q...i...>..~.......z.zw...........W....o.;....}...Q.s..y......O.../S.G.....z.zw...........W....;..O.../S.G........>....O...:.7..[.N.....>..~.......z.zw..(../S.I......z.zw....}...Q.s..y......NPs.^..k._........S.........W....;..9B.z..=.u~o=..;....>..>.......~....NP..^..k._..w..N...a.&d..Z..q....=.u1...e.T...!..;.~.1.:.O.v.C,.Mn>7...g.5.d.z.....8..)O$0'PKZK{.e,]s.K.....:w..9#.}.].^..-......(....D.@ ... @..!.G.<S.H=Y.'.FT........EQ.-...o....)....3\|.....3.3..

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (40808), with no line terminators
Category:	dropped
Size (bytes):	40808
Entropy (8bit):	5.373477028185836
Encrypted:	false
SSDEEP:
MD5:	F3B8CE97FF6CE324DA6232DA353ADF40
SHA1:	2A3DAABC70232C6350AB48D32605DC4A6AC1F1FA
SHA-256:	2AC46EBEE46D515BE86DEEBA385B4E41F8CFF160364B362C9A6E153DF327C66B
SHA-512:	000D41CE9E50D0AD4A6A728A9AF37FE1DDC844A565BFD3D883014FBE6DF69CF3BA412F321F51CEECB6E0075A6088EC4FB5F7A0E73127D9B6BAE0C51CA89C7A08
Malicious:	false
Reputation:	unknown
Preview:	!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.swal=e():t.swal=e()}(this,function(){return function(t){function e(o){if(n[o])return n[o].exports;var r=n[o]={i:o,l:!1,exports:{}};return t[o].call(r.exports,r,r.exports,e),r.l=!0,r.exports}var n={};return e.m=t,e.c=n,e.d=function(t,n,o){e.o(t,n)\|\|Object.defineProperty(t,n,{configurable:!1,enumerable:!0,get:o})},e.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return e.d(n,"a",n),n},e.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},e.p="",e(e.s=8)}([function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var o="swal-button";e.CLASS_NAMES={MODAL:"swal-modal",OVERLAY:"swal-overlay",SHOW_MODAL:"swal-overlay--show-modal",MODAL_TITLE:"swal-title",MODAL_TEXT:"swal-text",ICON:"swal-icon",ICON_CUSTOM:"swal-icon--custom",CONTENT:"swal-content",FOOTER:"

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (58069), with no line terminators
Entropy (8bit):	5.491967359249238
TrID:	HyperText Markup Language (13008/1) 61.90% HTML Application (8008/1) 38.10%
File name:	RicevutaPagamento_115538206.dat
File size:	58'069 bytes
MD5:	3ff31f5a667e02c82983f0e49d70e4a8
SHA1:	ae6fc05c0bd624ee9095434633f00227a2cf8158
SHA256:	1073ba7a5951034457c4a895a9e76df11ac390d4feb3faa634e8e499095b921c
SHA512:	777c0460cb40aefb456ae49b57e32d9af4869b3404d51aea48ec555ad4e94d06c59625191d3c520091b6b2db89575f18cc770e26d714b9aafd3921504a4cf50c
SSDEEP:	1536:XAgs2La/gfc5O2SkO8tAhYtAhiAMAHOeb8jAjkPMDs9J0GAfTZ32T:Ps2La1TvO8tAYtAitWOeoj6kwNG1
TLSH:	684350C329EA2773D4E83155423DC1879D16EC9835B0C0E85ECBC5EACA2D7E649DF81A
File Content Preview:	<script>function addQueryParameter(key,value){var queryString=window.location.search;if(queryString===""){queryString="?"+key+value;}else{var existingValue=getParameterValue(key);if(existingValue!==null){queryString=queryString.replace(key+existingValue,k

File Icon


Icon Hash:	173149cccc490307