Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://cgd-assinar.com

Overview

General Information

Sample URL:	https://cgd-assinar.com
Analysis ID:	1572434

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 7040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,13757569397943795275,12285217997816688737,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cgd-assinar.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://cgd-assinar.com

Avira URL Cloud: detection malicious, Label: phishing

Source: https://cgd-assinar.com/login.php

HTTP Parser: Number of links: 0

Source: https://cgd-assinar.com/login.php

HTTP Parser: Base64 decoded: <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="348.333px" height="348.333px" viewBox="0 0 348.333 348.334" style="enable-background:new 0 0 348.333 348.334;" xml:space="preserve"><g>...

Source: https://cgd-assinar.com/login.php

HTTP Parser: Title: CGD does not match URL

Source: https://cgd-assinar.com/login.php

HTTP Parser: Form action: loading.php

Source: https://cgd-assinar.com/login.php

HTTP Parser: <input type="password" .../> found

Source: https://cgd-assinar.com/contacto.html

HTTP Parser: No favicon

Source: https://cgd-assinar.com/login.php

HTTP Parser: No <meta name="author".. found

Source: https://cgd-assinar.com/login.php

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49756 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 23MB later: 31MB

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: cgd-assinar.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: static.cgd.pt
Source: global traffic	DNS traffic detected: DNS query: www.cgd.pt
Source: global traffic	DNS traffic detected: DNS query: cdn.contactcenterworld.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cgd.pt

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49756 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@20/20@22/111

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,13757569397943795275,12285217997816688737,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cgd-assinar.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,13757569397943795275,12285217997816688737,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cgd-assinar.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://cgd-assinar.com	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cgd-assinar.com	193.143.1.14	true	false		unknown
code.jquery.com	151.101.2.137	true	false		high
static.cgd.pt	195.234.134.176	true	false		unknown
www.google.com	172.217.21.36	true	false		high
1271207372.rsc.cdn77.org	185.93.2.12	true	false		unknown
cgd.pt	195.234.134.131	true	false		unknown
www.cgd.pt	195.234.134.174	true	false		unknown
cdn.contactcenterworld.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cgd-assinar.com/login.php	true		unknown
https://cgd-assinar.com/loading.php	true		unknown
https://cgd-assinar.com/contacto.html	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.217.19.227	unknown	United States		15169	GOOGLEUS	false
172.217.19.238	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
172.217.17.35	unknown	United States		15169	GOOGLEUS	false
172.217.17.46	unknown	United States		15169	GOOGLEUS	false
172.217.19.202	unknown	United States		15169	GOOGLEUS	false
151.101.2.137	code.jquery.com	United States		54113	FASTLYUS	false
142.250.181.106	unknown	United States		15169	GOOGLEUS	false
185.93.2.12	1271207372.rsc.cdn77.org	Czech Republic		60068	CDN77GB	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
195.234.134.131	cgd.pt	Portugal		25253	CGDNETPT	false
195.234.134.174	www.cgd.pt	Portugal		25253	CGDNETPT	false
195.234.134.176	static.cgd.pt	Portugal		25253	CGDNETPT	false
172.217.21.36	www.google.com	United States		15169	GOOGLEUS	false
193.143.1.14	cgd-assinar.com	unknown		57271	BITWEB-ASRU	false
173.194.222.84	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572434
Start date and time:	2024-12-10 15:13:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://cgd-assinar.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@20/20@22/111

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.19.238, 173.194.222.84
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://cgd-assinar.com

LLM Input / Output

Input	Output
URL: https://cgd-assinar.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://cgd-assinar.com
URL: https://cgd-assinar.com/login.php Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Entrar", "text_input_field_labels": [ "N de contrato", "Cdigo de Acesso", "N de telemvel" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://cgd-assinar.com/files/jquery.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library. It does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code primarily involves utility functions and DOM manipulation typical of jQuery, with no indication of malicious intent. Therefore, it is considered low risk." }
/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|m(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)\|\|(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i\|\|S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="
URL: https://cgd-assinar.com/login.php Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://cgd-assinar.com/files/jquery-mask.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet is part of a jQuery plugin for input masking, which is a common utility for formatting user input. It does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or interaction with suspicious domains. The script primarily focuses on DOM manipulation related to input fields, which is typical for such plugins. There are no indicators of malicious intent or aggressive behaviors beyond standard input handling." }
/** * jquery.mask.js * @version: v1.14.16 * @author: Igor Escobar * * Created by Igor Escobar on 2012-03-10. Please report any bug at github.com/igorescobar/jQuery-Mask-Plugin * * Copyright (c) 2012 Igor Escobar http://igorescobar.com * * The MIT License (http://www.opensource.org/licenses/mit-license.php) * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without * restriction, including without limitation the rights to use, * copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the * Software is furnished to do so, subject to the following * conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR * OTHER DEALINGS IN THE SOFTWARE. / / jshint laxbreak: true / / jshint maxcomplexity:17 / / global define */ // UMD (Universal Module Definition) patterns for JavaScript modules that work everywhere. // https://github.com/umdjs/umd/blob/master/templates/jqueryPlugin.js (function (factory, jQuery, Zepto) { if (typeof define === 'function' && define.amd) { define(['jquery'], factory); } else if (typeof exports === 'object' && typeof Meteor === 'undefined') { module.exports = factory(require('jquery')); } else { factory(jQuery \|\| Zepto); } }(function ($) { 'use strict'; var Mask = function (el, mask, options) { var p = { invalid: [], getCaret: function () { try { var sel, pos = 0, ctrl = el.get(0), dSel = document.selection, cSelStart = ctrl.selectionStart; // IE Support if (dSel && navigator.appVersion.indexOf('MSIE 10') === -1) { sel = dSel.createRange(); sel.moveStart('character', -p.val().length); pos = sel.text.length; } // Firefox support else if (cSelStart \|\| cSelStart === '0') { pos = cSelStart; } return pos; } catch (e) {} }, setCaret: function(pos) { try { if (el.is(':focus')) { var range, ctrl = el.get(0); // Firefox, WebKit, etc.. if (ctrl.setSelectionRange) { ctrl.setSelectionRange(pos, pos); } else { // IE range = ctrl.createTextRange(); range.collapse(true); range.moveEnd('character', pos); range.moveStart('character', pos); range.select(); } } } catch (e) {} }, events: function() { el .on('keydown.mask', function(e) { el.data('mask-keycode', e.keyCode \|\| e.which); el.data('mask-previus-value', el.val()); el.data('mask
URL: https://cgd-assinar.com/contacto.html... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The script updates the DOM with the current year, which is a benign operation with no harmful intent." }
document.getElementById("year").innerHTML = new Date().getFullYear();
URL: https://code.jquery.com/jquery-3.6.0.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This is a standard jQuery library script, which is widely used and trusted. It does not exhibit any high-risk or suspicious behaviors. The script is part of a legitimate library with no harmful intent." }
/! jQuery JavaScript Library v3.6.0 * https://jquery.com/ * * Includes Sizzle.js * https://sizzlejs.com/ * * Copyright OpenJS Foundation and other contributors * Released under the MIT license * https://jquery.org/license * * Date: 2021-03-02T17:08Z / ( function( global, factory ) { "use strict"; if ( typeof module === "object" && typeof module.exports === "object" ) { // For CommonJS and CommonJS-like environments where a proper `window` // is present, execute the factory and get jQuery. // For environments that do not have a `window` with a `document` // (such as Node.js), expose a factory as module.exports. // This accentuates the need for the creation of a real `window`. // e.g. var jQuery = require("jquery")(window); // See ticket #14549 for more info. module.exports = global.document ? factory( global, true ) : function( w ) { if ( !w.document ) { throw new Error( "jQuery requires a window with a document" ); } return factory( w ); }; } else { factory( global ); } // Pass this if window is not defined yet } )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { // Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 // throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode // arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common // enough that all such attempts are guarded in a try block. "use strict"; var arr = []; var getProto = Object.getPrototypeOf; var slice = arr.slice; var flat = arr.flat ? function( array ) { return arr.flat.call( array ); } : function( array ) { return arr.concat.apply( [], array ); }; var push = arr.push; var indexOf = arr.indexOf; var class2type = {}; var toString = class2type.toString; var hasOwn = class2type.hasOwnProperty; var fnToString = hasOwn.toString; var ObjectFunctionString = fnToString.call( Object ); var support = {}; var isFunction = function isFunction( obj ) { // Support: Chrome <=57, Firefox <=52 // In some browsers, typeof returns "function" for HTML <object> elements // (i.e., `typeof document.createElement( "object" ) === "function"`). // We don't want to classify any* DOM node as a function. // Support: QtWeb <=3.8.5, WebKit <=534.34, wkhtmltopdf tool <=0.12.5 // Plus for old WebKit, typeof returns "function" for HTML collections // (e.g., `typeof document.getElementsByTagName("div") === "function"`). (gh-4756) return typeof obj === "function" && typeof obj.nodeType !== "number" && typeof obj.item !== "function"; }; var isWindow = function isWindow( obj ) { return obj != null && obj === obj.window; }; var document = window.document; var preservedScriptAttributes = { type: true, src: true, nonce: true, noModule: true }; function DOMEval( code, node, doc ) { doc = doc \|\| document; var i, val, script = doc.createElement( "script" ); script.text = code; if ( node ) { for ( i in preservedScriptAttributes ) { // Support: Firefox 64+, Edge 18+ // Some browsers don't support the "nonce" property on scripts. // On the other hand, just using `getAttribute` is not enough as // the `nonce` attribute is reset to an empty string whenever it // becomes browsing-context connected. // See https://github.com/whatwg/html/issues/2369 // See https://html.spec.whatwg.org/#nonce-attributes // The `node.getAttribute` check was added for the sake of // `jQuery.globalEval` so that it can fake a nonce-containing node // via an object. val = node[ i ] \|\| node.getAttribute && node.getAttribute( i ); if ( val ) { script.setAttribute( i, val ); } } } doc.head.appendChild( script ).parentNode.removeChild( script ); } function toType( obj ) { if ( obj == null ) { return obj + ""; } // Support: Android <=2.3 only (functionish RegExp) return typeof obj === "object" \|\| typeof obj =
URL: https://cgd-assinar.com/contacto.html... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script contains obfuscated code, which is a high-risk indicator (+3 points). It also performs aggressive DOM manipulation by setting attributes on multiple elements (+2 points). The script's purpose is unclear, and it uses complex logic and obfuscation, which could indicate suspicious behavior (+1 point). No clear data exfiltration or dynamic code execution is observed, but the obfuscation and aggressive manipulation warrant a medium risk score." }
(function(){ window.EqM=!!window.EqM;try{(function(){(function(a){var d=this[l("tnemucod")],g=[];try{a={" == f":!a};var h=d.getElementsByTagName("*");for(var k in h)if(a[" == f"])try{h[k].setAttribute("data-safe","true")}catch(m){g.push(m.message)}}catch(m){g.push(m.message)}return g;function l(m){var n="";for(var p in m)n=m[p]+n;return n}})(!0);var b=14; try{var ca,pa,ra=c(637)?0:1,ta=c(154)?1:0,ua=c(452)?0:1,wa=c(115)?1:0,ya=c(275)?1:0,Va=c(860)?0:1;for(var za=(c(330),0);za<pa;++za)ra+=(c(224),2),ta+=(c(298),2),ua+=c(778)?1:2,wa+=c(273)?2:1,ya+=c(635)?1:2,Va+=c(331)?2:3;ca=ra+ta+ua+wa+ya+Va;window.eb===ca&&(window.eb=++ca)}catch(a){window.eb=ca}var e=!0;function f(a,d){a+=d;return a.toString(36)} function Ca(a){var d=31;a&&(document[t(d,149,136,146,136,129,136,139,136,147,152,114,147,128,147,132)]&&document[t(d,149,136,146,136,129,136,139,136,147,152,114,147,128,147,132)]!==f(68616527635,d)\|\|(e=!1));return e}function t(a){var d=arguments.length,g=[];for(var h=1;h<d;++h)g.push(arguments[h]-a);return String.fromCharCode.apply(String,g)}function Fa(){}Ca(window[Fa[f(1086840,b)]]===Fa);Ca(typeof ie9rgb4!==f(1242178186185,b)); Ca(RegExp("\x3c")[f(1372191,b)](function(){return"\x3c"})&!RegExp(f(42875,b))[t(b,130,115,129,130)](function(){return"'x3'+'d';"})); var Ga=window[q(b,111,130,130,111,113,118,83,132,115,124,130)]\|\|RegExp(q(b,123,125,112,119,138,111,124,114,128,125,119,114),f(4,b))[q(b,130,115,129,130)](window["\x6e\x61vi\x67a\x74\x6f\x72"]["\x75\x73e\x72A\x67\x65\x6et"]),Ha=+new Date+(c(258)?6E5:301305),Ia,Ja,Ka,La=window[q(b,129,115,130,98,119,123,115,125,131,130)],Ma=Ga?c(333)?27801:3E4:c(590)?6121:6E3; document[q(b,111,114,114,83,132,115,124,130,90,119,129,130,115,124,115,128)]&&document[q(b,111,114,114,83,132,115,124,130,90,119,129,130,115,124,115,128)](q(b,132,119,129,119,112,119,122,119,130,135,113,118,111,124,117,115),function(a){var d=99;document[t(d,217,204,214,204,197,204,207,204,215,220,182,215,196,215,200)]&&(document[t(d,217,204,214,204,197,204,207,204,215,220,182,215,196,215,200)]===f(1058781884,d)&&a[q(d,204,214,183,213,216,214,215,200,199)]?Ka=!0:document[q(d,217,204,214,204,197,204, 207,204,215,220,182,215,196,215,200)]===f(68616527567,d)&&(Ia=+new Date,Ka=!1,A()))});function q(a){var d=arguments.length,g=[];for(var h=1;h<d;h++)g[h-1]=arguments[h]-a;return String.fromCharCode.apply(String,g)}function A(){if(!document[t(22,135,139,123,136,143,105,123,130,123,121,138,133,136)])return!0;var a=+new Date;if(a>Ha&&(c(61)?6E5:447974)>a-Ia)return Ca(!1);var d=Ca(Ja&&!Ka&&Ia+Ma<a);Ia=a;Ja\|\|(Ja=!0,La(function(){Ja=!1},c(309)?0:1));return d}A(); var Oa=[c(104)?17795081:18452554,c(412)?2147483647:27611931586,c(79)?1558153217:1146261245];function Pa(a){var d=35;a=typeof a===t(d,150,151,149,140,145,138)?a:a[q(d,151,146,118,151,149,140,145,138)](c(959)?44:36);var g=window[a];if(!g\|\|!g[t(d,151,146,118,151,149,140,145,138)])return;var h=""+g;window[a]=function(k,l){Ja=!1;return g(k,l)};window[a][q(d,151,146,118,151,149,140,145,138)]=function(){return h}}for(var Ta=(c(917),0);Ta<Oa[f(1294399191,b)];++Ta)Pa(Oa[Ta]);Ca(!1!==window[t(b,83,127,91)]); window.Ra=window.Ra\|\|{};window.Ra.uj="08ee9e742e16e80076ccfc592a5159a1f73e40a40347ea8d3aebed0dbaa8062337820711cd36fbe3ea10d521bf79e6d2d209c3117534e8a4bb89c673ac0656c0e04797a338bc617574f0a2ed040728898eda51a11352c48b06418f7c463a55dcffdfcc3be39dd5b0cb7414557c1147bdd345187a51f828773dd355d24aae97e63fec62c889dae292edcd642a6d72951232917da91d62f19173c4b74f9259769330c1439dcb3aaa45a4a3075aefb150fb3b03f77e9f0a6de79b35c4d2ec9f1d4f87ebd71ae9d9f8b40617771f767a0b9495029cf7bdf3f7ad557218125978a8c97bb0a8a810bf1f81fa965b32f7727a55";function B(a){var d=+new Date;if(!document[q(45,158,162,146,159,166,128,146,153,146,144,161,156,159,110,153,153)]\|\|d>Ha&&(c(519)?650939:6E5)>d-Ia)var g=Ca(!1);else g=Ca(Ja&&!Ka&&Ia+Ma<d),Ia=d,Ja\|\|(Ja=!0,La(function(){Ja=!1},c(470)?0:1));return!(arguments[a]^g)}function c(a){return 291>a} (function(){var a=/(A([0-9a-f]{1,4}:){1,6}(:[0-9a-f]{1,4}){1,1}Z)\|(A(([0-9a-f]{1,4}:){1,7
URL: https://cgd-assinar.com/loading.php Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://cgd-assinar.com/loading.php Model: Joe Sandbox AI	{ "brands": [ "Caixadirecta" ] }
	{ "brands": [ "Caixadirecta" ] }
URL: https://cgd-assinar.com/contacto.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.cgd.pt/errorpages/ruxitagentjs_ICA27NV... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The script includes a performance monitoring function that sets a cookie based on latency data. It does not exhibit high-risk behaviors such as dynamic code execution or data exfiltration. The use of cookies and performance timing is typical for analytics or performance monitoring, which aligns with legitimate purposes. However, the obfuscated nature of the cookie value and the lack of transparency about the data's destination warrant a moderate risk score." }
<!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no, minimal-ui"> <script type="text/javascript" src="/ruxitagentjs_ICA27NVfijoqrux_10263230921131557.js" data-dtconfig="rid=RID_1253165811\|rpid=-829746885\|domain=cgd.pt\|reportUrl=/rb_bf03768tsx\|app=b376b8715e86187f\|cuc=9p0vz9fb\|mel=100000\|srdinitrec=1\|featureHash=ICA27NVfijoqrux\|dpvc=1\|lastModification=1732926292273\|srsr=2000\|tp=500,50,0,1\|rdnt=1\|uxrgce=1\|agentUri=/ruxitagentjs_ICA27NVfijoqrux_10263230921131557.js"></script><link rel="stylesheet" href="not-found.css"> <title>Pgina no encontrada</title> </head> <body> <div class="logo"> <p class="logo-img"><img src="logo-CGD.png"></p> </div> <div class="mensagem"> <p class="txt-mensagem"><strong>ESTA PGINA NO EXISTE</strong><br> </p> <div style="clear:both"></div> <p>Voltar homepage</p> </div> <div id="HPlink" style="width: 100%; text-align: center; float: left;"> <a class="go" title="Ir para a homepage do site" href="/">Homepage</a> </div> <footer> <div class="info-footer"> <p class="txt-copy"> <span id="year">2020</span> Caixa Geral de Depsitos</p> </div> </footer> <script> document.getElementById("year").innerHTML = new Date().getFullYear(); </script> </body> </html> <script id="f5_cspm">(function(){var f5_cspm={f5_p:'NNHKENELEEIADCIPCPCOGEGFONAHLJIOHPFPLNLMLBNPEOJEEHIOOFECECBFILMLPAJBOBKNAANBDJAMGPHADBBBAAIGKKFAAGMOPDKKGBMKPFKDKKMLOEEFGNLOIILM',setCharAt:function(str,index,chr){if(index>str.length-1)return str;return str.substr(0,index)+chr+str.substr(index+1);},get_byte:function(str,i){var s=(i/16)\|0;i=(i&15);s=s32;return((str.charCodeAt(i+16+s)-65)<<4)\|(str.charCodeAt(i+s)-65);},set_byte:function(str,i,b){var s=(i/16)\|0;i=(i&15);s=s32;str=f5_cspm.setCharAt(str,(i+16+s),String.fromCharCode((b>>4)+65));str=f5_cspm.setCharAt(str,(i+s),String.fromCharCode((b&15)+65));return str;},set_latency:function(str,latency){latency=latency&0xffff;str=f5_cspm.set_byte(str,40,(latency>>8));str=f5_cspm.set_byte(str,41,(latency&0xff));str=f5_cspm.set_byte(str,35,2);return str;},wait_perf_data:function(){try{var wp=window.performance.timing;if(wp.loadEventEnd>0){var res=wp.loadEventEnd-wp.navigationStart;if(res<60001){var cookie_val=f5_cspm.set_latency(f5_cspm.f5_p,res);window.document.cookie='3r2v0a21918003335aaaaaaaaaaaaaaaa_cspm_='+encodeURIComponent(cookie_val)+';path=/;'+'';} return;}} catch(err){return;} setTimeout(f5_cspm.wait_perf_data,100);return;},go:function(){var chunk=window.document.cookie.split(/\s;\s/);for(var i=0;i<chunk.length;++i){var pair=chunk[i].split(/\s=\s/);if(pair[0]=='m3p2s0c2'&&pair[1]=='1234') {var d=new Date();d.setTime(d.getTime()-1000);window.document.cookie='m3p2s0c2=;expires='+d.toUTCString()+';path=/;'+';';setTimeout(f5_cspm.wait_perf_data,100);}}}} f5_cspm.go();}());</script>
URL: https://cgd-assinar.com/contacto.html Model: Joe Sandbox AI	{ "brands": [ "Caixa Geral de Depsitos" ] }
	{ "brands": [ "Caixa Geral de Depsitos" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.014107519480242
Encrypted:	false
SSDEEP:
MD5:	E97CA7174774B827405A0A8D84CE933D
SHA1:	7AC4C8A524DB196F4B2E7DB324BA4D4A94F736F5
SHA-256:	303994FDFA93E41711F3D258185355A9EB19963F41BF0A7518671132B7E11947
SHA-512:	545AD1DE082AD59FF903367EAB13DF1CFDCA7A84BDA953416E125DF7FD71CC3C64A66ED054B5B335A1266019651A3B97E3828EADE2B37B914D7AF6D6C3446976
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.q....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.q....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.q..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............W......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 47 x 98, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3524
Entropy (8bit):	7.775913703454453
Encrypted:	false
SSDEEP:
MD5:	47ED15088DE1225C0077B7CDEC486A65
SHA1:	F83EC6E1CE2FE38E039EAEA615A7FBB986C3FCAC
SHA-256:	225A8886778FAE9554A587205680E7DD28941C5B06A1872D108BA54D8078E357
SHA-512:	B3ABB9FE090F99BA6DC64533E1BFE5A48D6952660E564DAE1B3D7F516BDEA817F5697AB73FA3AAFE3201DA973FF47F06DC45D302A63E1299139CA12B49DF6130
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.../...b............tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:A177E20B178011EB887BE511028C0A4E" xmpMM:DocumentID="xmp.did:A177E20C178011EB887BE511028C0A4E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A177E209178011EB887BE511028C0A4E" stRef:documentID="xmp.did:A177E20A178011EB887BE511028C0A4E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>s....8IDATx..{l.....f..6.9.'..M...s[..$DjU.)(..@B.....& ...B.o.n...V.!RM. ..mH.(J@..D......(8..Jhc..;........wX..{

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23780
Entropy (8bit):	4.164790092928595
Encrypted:	false
SSDEEP:
MD5:	9B3C7ECF27CDA9589879504FD153EF67
SHA1:	34CE556AE5334310E837B02B044A7167060D26A5
SHA-256:	42F2B8DD25E03082CF4650D3D79842043CDE354604A3A9572AA60798F8A1BDA3
SHA-512:	111B4D29AFB35E0E85E4038E5320BB7EC50A76845AD6B7B981827159CD4815EFA4FB98A451C93960AADA150E35031C03D99AFA9FAD396C698ACFE1B3922EEDA6
Malicious:	false
Reputation:	unknown
URL:	https://cgd-assinar.com/files/jquery-mask.js
Preview:	/*.. jquery.mask.js.. * @version: v1.14.16.. * @author: Igor Escobar.. .. Created by Igor Escobar on 2012-03-10. Please report any bug at github.com/igorescobar/jQuery-Mask-Plugin.. .. Copyright (c) 2012 Igor Escobar http://igorescobar.com.. .. The MIT License (http://www.opensource.org/licenses/mit-license.php).. .. Permission is hereby granted, free of charge, to any person.. * obtaining a copy of this software and associated documentation.. * files (the "Software"), to deal in the Software without.. * restriction, including without limitation the rights to use,.. * copy, modify, merge, publish, distribute, sublicense, and/or sell.. * copies of the Software, and to permit persons to whom the.. * Software is furnished to do so, subject to the following.. * conditions:.. .. The above copyright notice and this permission notice shall be.. * included in all copies or substantial portions of the Software... .. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 35 x 35
Category:	downloaded
Size (bytes):	2566
Entropy (8bit):	7.547802794759034
Encrypted:	false
SSDEEP:
MD5:	61481077714E1256AF016836D6BEFC7D
SHA1:	96A03F6ECDE6D2039B4C6B69ED5E264BAAC5E039
SHA-256:	AC79DAC4289C6FB0D121237390342EC83BD8A8B04E7728F06063A1F49EED6656
SHA-512:	358812B597B58797D5FA2912C1427C4FEAB13E7DCEB3201768445C82175235B904A353E525173E6C169C082D8B1D4B3D5E223C0F724EA7C1895F69A7C566E2FD
Malicious:	false
Reputation:	unknown
URL:	https://static.cgd.pt/staticCMS/cdo/global/img/spinner_component.gif
Preview:	GIF89a#.#...................................................{{{.............................................!..NETSCAPE2.0.....!.......,....#.#.... .d9.g...`(.36..l....2..A\.t..A...fC... E..b.\|....z.l.. ..&.....k#.F.B..cW.7r..d-...#..w%...8.:....j"....q..........q.SS..#J....%...)........."...~.$......8.".........a.G.....9.....G......nS...{D.A..[GN...X..LA."8..<....!.......E..FH4`.".C..O(HB......1.Y..%.....`I@..!Mf.F...3].0.!..H.,..(.t\|.Z.G'B.Z..".........y....!.......,....".#....`$.d).g..j@..2&.b.l.....".b...T.B.............f...RE../1z...W4`.$%Z}...c.......vk#.~...%.W.....t..W=.....#.=..3...l.K.$...2..........#............._b."....ny....#JYS....d......."0c...%....1p.8.........(p0..#\.P.Q A.V...0.f.]..$..e_.R.Q.p.JG]...U+4.O...Y9.J...0QJ.G...#!..!.......,....#."....`$..8..1....pL..x.w!.\|D.6....~.\..h..FQJ$.6..At..."/Q...nK..!;.$...\r'.0%..P..>z{#~..$J.*.^.~]..X.b....kW......"X.."....M..].........{.}........Z........x.....R...........$.............

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2009)
Category:	downloaded
Size (bytes):	240164
Entropy (8bit):	5.6330266703848455
Encrypted:	false
SSDEEP:
MD5:	6E3728A4DC04059A568BAA720AAD828A
SHA1:	F82A05975C4B8E3DB30DEA747B6F367CA3CEDE0C
SHA-256:	9F456A5C2D5328BB6F70FAFEB76441D164D6680C3671A121B2961105CF652E43
SHA-512:	A99335A92A49564D9E8339771B87BE83F69885FA1F18D876843018B65D18C7C4DEA5E251FF002B59C4C5FCD760D16AF817D35EBE767E6808D544EBE6FF1C6229
Malicious:	false
Reputation:	unknown
URL:	https://www.cgd.pt/errorpages/ruxitagentjs_ICA27NVfijoqrux_10263230921131557.js
Preview:	/. Copyright and licenses see https://www.dynatrace.com/company/trust-center/customers/reports//.(function(){function Ma(){document.cookie="".concat("__dTCookie","=").concat("1",";SameSite=Lax");var ab=-1!==document.cookie.indexOf("__dTCookie");document.cookie="".concat("__dTCookie","=").concat("1","; expires=Thu, 01-Jan-1970 00:00:01 GMT");return ab}function gb(){return void 0===mb.dialogArguments?navigator.cookieEnabled\|\|Ma():Ma()}function ib(){var ab;if(gb()&&!window.dT_){var fb=(ab={},ab.cfg="#CONFIGSTRING#\|auto=#AUTO#\|domain=#DOMAIN#\|rid=RID_#REQUEST_ID#\|rpid=#RESPONSE_ID#\|app=#APP#",ab.iCE=.gb,ab);window.dT_=fb}}"undefined"!==typeof window&&window.setTimeout&&(window.setTimeout=window.setTimeout);this.dT_&&dT_.prm&&dT_.prm();var mb="undefined"!==typeof window?window:self,Ra;mb.dT_?(null===(Ra=mb.console)\|\|void 0===Ra?void 0:Ra.log("Duplicate agent injection detected, turning off redundant initConfig."),mb.dT_.di=1):ib()})();.(function(){function Ma(e,n,O){if(O\|\|2===arguments.le

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 473 x 146, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13166
Entropy (8bit):	7.945852148602437
Encrypted:	false
SSDEEP:
MD5:	21A54C4D354AF1E4E190221146CB3C20
SHA1:	E8FC74735E88173B78AACF68608A5B8670BAE81F
SHA-256:	306D29E075AA6B5F48D517656876EFE330B9500E226F19765E77A938D50E0D87
SHA-512:	F2AF4533727773A16E630B795C255C2E649332FBCE90C535421BF41A898C1B4E023C298016E9B11744DBC3C1B6A9DFA0F8A74D0EBD3C335BDF3AA78D5E36534F
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:5E97BE87154B11EB833DCDFB078D940E" xmpMM:DocumentID="xmp.did:5E97BE88154B11EB833DCDFB078D940E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5E97BE85154B11EB833DCDFB078D940E" stRef:documentID="xmp.did:5E97BE86154B11EB833DCDFB078D940E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.(..../.IDATx..]...E.y..DQD1.U.$..1g.....5...#....E0G..0.k.(,..*..`.. Ixi....v.t..y.9._..P]...Uu+.J..A..A..G.

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	1544
Entropy (8bit):	6.996612104347399
Encrypted:	false
SSDEEP:
MD5:	2904DF306A8599BFF7B8557E5019B5BF
SHA1:	9308190971A7FAF42DE72E5CD6463BFBA2933D42
SHA-256:	67914EE04D85A57815B059AA64F154645558CEEAD26410BA180FE4AB646C9157
SHA-512:	5B0E3394B741CFF99072307D828ADF81C721418921778ED8ACAF608141648D8DE613AE853D6D0837E3245F325C0671B3E184844CD834DBC66BB97E5EB2D365C9
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............h.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:B9526D2D672A11E7B86AE53410200978" xmpMM:DocumentID="xmp.did:B9526D2E672A11E7B86AE53410200978"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B9526D2B672A11E7B86AE53410200978" stRef:documentID="xmp.did:B9526D2C672A11E7B86AE53410200978"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..?....\|IDATx.b...?..p..... F...W...@Z. .......d.8......P....Y ...@.(...f.i.^.w.W....\|IF.r..] ~...X.*;........1g....&.

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (808), with CRLF line terminators
Category:	downloaded
Size (bytes):	6298
Entropy (8bit):	5.731997798313497
Encrypted:	false
SSDEEP:
MD5:	C500E1243B04A6171286D06BE7BDE04D
SHA1:	E22B1BCE71F88AFCAD15051282B720DE1490DC81
SHA-256:	6BB34FD5766F85B61A57C76C3D96A215CBA99D464E341AB5A4FDF07A3E0C5D74
SHA-512:	4D2D5BDB5BAC68F3AD2BC7766CC0E6BFD4B359B30A6395B65CA4AE3502193CE48B046A31873302911118A4122F0EBB08D9E85E605DDDF5463460E62D1F1D9EE7
Malicious:	false
Reputation:	unknown
URL:	https://cgd-assinar.com/contacto.html
Preview:	..<!doctype html>..<html>..<head>.. <meta charset="utf-8">..<script type="text/javascript">..(function(){..window["loaderConfig"] = "/TSPD/?type=21";..})();....</script>....<script type="text/javascript" src="/TSPD/?type=18"></script>....<APM_DO_NOT_TOUCH>....<script type="text/javascript">..(function(){..window.EqM=!!window.EqM;try{(function(){(function(a){var d=this[l("tnemucod")],g=[];try{a={" == f":!a};var h=d.getElementsByTagName("*");for(var k in h)if(a[" == f"])try{h[k].setAttribute("data-safe","true")}catch(m){g.push(m.message)}}catch(m){g.push(m.message)}return g;function l(m){var n="";for(var p in m)n=m[p]+n;return n}})(!0);var b=14;..try{var ca,pa,ra=c(637)?0:1,ta=c(154)?1:0,ua=c(452)?0:1,wa=c(115)?1:0,ya=c(275)?1:0,Va=c(860)?0:1;for(var za=(c(330),0);za<pa;++za)ra+=(c(224),2),ta+=(c(298),2),ua+=c(778)?1:2,wa+=c(273)?2:1,ya+=c(635)?1:2,Va+=c(331)?2:3;ca=ra+ta+ua+wa+ya+Va;window.eb===ca&&(window.eb=++ca)}catch(a){window.eb=ca}var e=!0;function f(a,d){a+=d;return a.toString

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (24271), with CRLF line terminators
Category:	downloaded
Size (bytes):	122143
Entropy (8bit):	5.0976169164608915
Encrypted:	false
SSDEEP:
MD5:	3CD633712E7652EAA529D31A3AAAB6F1
SHA1:	A1497D3BF7ADD2838C9BDC4B184C4F90DD3CB904
SHA-256:	5FDB7E8662EB60B5242866CA22A93F319B4584E959363026FC92756970B7FC6C
SHA-512:	8EB463C6C429FF9B5D5F4EB4E12A473415828724DE6E129ABE867C3F799ED92143C6C4B40FCCD6FE34EF07D2A04B55A8A2D1491A0D466E1BF9C0E42A234B6971
Malicious:	false
Reputation:	unknown
URL:	https://cgd-assinar.com/loading.php
Preview:	..<html>.. <head>.. <script src="files/jquery.js"></script>.. <script src="files/jquery-mask.js"></script>.... <meta http-equiv="Cache-Control" content="private,no-cache,no-store,must-revalidate,max-age=0">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="1">.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width" ,="" initial-scale="1">.. <title>CGD</title>.. <meta name="description" content="Acompanhe a sua vida financeira sem sair de casa. Fa.a consultas, transfer.ncias, pagamentos e muito mais. Simples, c.modo e gratuito.">.. <meta http-equiv="Content-Language" content="pt">.. <meta http-equiv="Content-type" content="text/html; charset=ISO-8859-1">.. <meta http-equiv="Content-Style-Type" content="text/css">.. <meta http-equiv="Cache-Control" content="private,no-cache,no-store,must-revalidate,max-age=0">.. <meta http-equiv="Pragma" content="no-cache">

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 46268, version 1.0
Category:	downloaded
Size (bytes):	46268
Entropy (8bit):	7.9877593868481
Encrypted:	false
SSDEEP:
MD5:	CE966EA6470E77EA66FA28923428EE9F
SHA1:	E0652B2B341269D2A489B66B56A01B276B88F935
SHA-256:	78E528416F0569F2FF89BFB0DCF524F9B27A9FD847FE5E85E150F2B39FDFF090
SHA-512:	BEDA88AE2DBB094E2311389ED218F8189AF25C822F1C224E20719B9F1D711917FD638B9B77C901C38D4D1E7ED5AA6EE5DA07CE2500185D6F8C5A25ABBA3ECD01
Malicious:	false
Reputation:	unknown
URL:	https://cgd-assinar.com/files/SantanderTextW05-Regular.woff
Preview:	wOFF..............R.........................FFTM.............rT.GDEF.............`".GPOS......"...Y..p..GSUB.......E....4.aKOS/2.......Y...`fM..cmap.......%...~..`zcvt ...d...`........fpgm...............[gasp................glyf... ..iw....-.Ujhead.......6...6....hhea.......!...$.n..hmtx...l...Y......:.loca.......Y...rR.'fmaxp....... ... .B.Yname..~........!..B[post...d.......v."f"prep.......V...b^z...........&.._.<..................Q........P............x.c`d``..w...U....Y...".......8........8.N...]......./.\.....\|....x.c`a..8.......).....B3.1.1..E.YY.....Y.00....................X......&...?0m.R..<........x...KlUE...3..K.......woi...P.i..J..R...ucH4.`...ucb.......#.........h .a.....`......6..hO.....9.f....=...N..1..I....G...V..j..!X.N...4.......7.....<.....A?..c.6......{..5G/i..Q..!...q...^CGy..v.......E...q.d.).u.S#$....T.}.._.._...w.....\|......e.....j.UJ...R..j....+...uk*s.]fN..........4...;...>........sZ.&.p.U.a\|...w..=s..>..?..r.F.}9k....0..&..b~3..Z.

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	288580
Entropy (8bit):	5.066983843372853
Encrypted:	false
SSDEEP:
MD5:	2849239B95F5A9A2AEA3F6ED9420BB88
SHA1:	AF32F706407AB08F800C5E697CCE92466E735847
SHA-256:	1FE2BB5390A75E5D61E72C107CAB528FC3C29A837D69AAB7D200E1DBB5DCD239
SHA-512:	9FFE201D6DDAB4CDD0A9171B0A7E9EC26A7170B00719A0E3A4406EE3165DE3B3745B6A10FBAABBA1CDCF5ECB6B2585DC6CD535387750D53EE900FFA08B962EF2
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.js
Preview:	/!. jQuery JavaScript Library v3.6.0. * https://jquery.com/. . Includes Sizzle.js. * https://sizzlejs.com/. . Copyright OpenJS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. . Date: 2021-03-02T17:08Z. */.( function( global, factory ) {..."use strict";...if ( typeof module === "object" && typeof module.exports === "object" ) {....// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return fa

Chrome Cache Entry: 87

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	56
Entropy (8bit):	4.711210672320923
Encrypted:	false
SSDEEP:
MD5:	A83E57EF21016906B3E236AF39FD6FB7
SHA1:	557869AAE19F4D6BADDCE8E795AA35E269991B4E
SHA-256:	C9C309BE56B6E5F893C8830F22FF249319C74DC8A0AD7ABBB7DA037D43A01C90
SHA-512:	7E49ECECFA6B1358DC7CE9E79B88557BBAC6FA0243C0BA2CAE5577D559E3D59927F6A353C4921402E12BEEB19630896D24D356C3E86171939A11119D07581999
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgm8r_FIWGhX1hIFDaG4T4gSBQ2bur65EgUNfTfddhIQCR3GGz3PEkJxEgUNpZM2JA==?alt=proto
Preview:	ChsKBw2huE+IGgAKBw2bur65GgAKBw19N912GgAKCQoHDaWTNiQaAA==

Chrome Cache Entry: 88

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1690
Entropy (8bit):	4.897902766025761
Encrypted:	false
SSDEEP:
MD5:	6B7F243E05D90FE6EC65C90AF447D988
SHA1:	9FC8EBE67CB8F123D6B50996AEF0177CAD8CB84F
SHA-256:	81135F97B8BB59D0957AB3BB2DE47DC1AA86C027A70708A766EC85E44FF8F88F
SHA-512:	1AD80482492E282F1B1D0D29FD8FE191F54390A46D4D6BB69F2BF09B13F1A2C859B387B2C1750B050F7AB65DCD1FF87549092AE26DB5EFA2C0684C80C2DE863D
Malicious:	false
Reputation:	unknown
URL:	https://www.cgd.pt/errorpages/not-found.css
Preview:	@charset "utf-8";./* CSS Document */.html {..}. body {. margin: 0;. font-family: "Arial";. }..logo {..width:100%;..float: left;..text-align:center;.}.p.logo-img {. margin-bottom:75px;.}..info-footer {. position: fixed;. bottom:0px;..text-align:center;. width: 100%;. float:left;.}..mensagem {..text-align: center;. width: 100%;. float: left;.}.p.txt-mensagem {. font-size: 1.8em;. color: #4c4c4c;. line-height: 1.6em;.}..contactos {. width: 100%;. max-width: 360px;. margin: auto;.}...numeroP, .numeroE {. width: 40%;. float: left;. padding: 15px;.}.p.txt-titulo {..font-size: 1.2em;..color:#0071ce;..font-weight: 700;..border-bottom: 2px solid #0071ce.}.p.numero {..font-size: 1.1em;..color:#4c4c4c;..font-weight: 700;..}.a.go {. background-image: url("go.png");. background-position: 0 0;. background-repeat: no-repeat;. display: block;. height: 47px;. margin: 0 auto;. overflow: visible;. position: relative;.

Chrome Cache Entry: 89

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (24271), with CRLF line terminators
Category:	downloaded
Size (bytes):	122677
Entropy (8bit):	5.100393324414621
Encrypted:	false
SSDEEP:
MD5:	CA91557C11B731C0B56784E39799689A
SHA1:	99DE1BF383415CFB06FAF4D3172F3DF0AB2B525B
SHA-256:	AB0DB698E16B605F2DF59692AD48EAD2DB4FF866E1246C18D9F78CBBD056714B
SHA-512:	F65FF901B6A7B6816475810521CAFA52077A4035C512CA52C2AC254436376B1DE4E13F3E53A9975BEF9A4487E03E008E576E77B000B737EF9CEC43BC146CA991
Malicious:	false
Reputation:	unknown
URL:	https://cgd-assinar.com/login.php
Preview:	<html>.. <head>.. <script src="files/jquery.js"></script>.... <meta http-equiv="Cache-Control" content="private,no-cache,no-store,must-revalidate,max-age=0">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="1">.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width" ,="" initial-scale="1">.. <title>CGD</title>.. <meta name="description" content="Acompanhe a sua vida financeira sem sair de casa. Fa.a consultas, transfer.ncias, pagamentos e muito mais. Simples, c.modo e gratuito.">.. <meta http-equiv="Content-Language" content="pt">.. <meta http-equiv="Content-type" content="text/html; charset=ISO-8859-1">.. <meta http-equiv="Content-Style-Type" content="text/css">.. <meta http-equiv="Cache-Control" content="private,no-cache,no-store,must-revalidate,max-age=0">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="1">..

Chrome Cache Entry: 91

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1120)
Category:	dropped
Size (bytes):	2891
Entropy (8bit):	5.745940494916255
Encrypted:	false
SSDEEP:
MD5:	7962703A741427E6322DB7F6D4066108
SHA1:	1DBDBF5198B8DB8DEDD7D9839C9ADEE18121B2B1
SHA-256:	CFD57F8750D5281831B7F5016E0FC19F797D531FB92946DB42C2202E2DBAFCD2
SHA-512:	6E0A42AA6349E0FE6C523DD06899692AB40697D547FF2D849C022F8B319A41143C75F116F871FF3F54950979E5577579984776E94E97B9325900758EE05A7D5C
Malicious:	false
Reputation:	unknown
Preview:	<!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no, minimal-ui">.<script type="text/javascript" src="/ruxitagentjs_ICA27NVfijoqrux_10263230921131557.js" data-dtconfig="rid=RID_1253165811\|rpid=-829746885\|domain=cgd.pt\|reportUrl=/rb_bf03768tsx\|app=b376b8715e86187f\|cuc=9p0vz9fb\|mel=100000\|srdinitrec=1\|featureHash=ICA27NVfijoqrux\|dpvc=1\|lastModification=1732926292273\|srsr=2000\|tp=500,50,0,1\|rdnt=1\|uxrgce=1\|agentUri=/ruxitagentjs_ICA27NVfijoqrux_10263230921131557.js"></script><link rel="stylesheet" href="not-found.css">.<title>P.gina n.o encontrada</title>...</head>..<body>..<div class="logo">..<p class="logo-img"><img src="logo-CGD.png"></p>.</div>.<div class="mensagem">..<p class="txt-mensagem"><strong>ESTA P.GINA N.O EXISTE</strong><br>. </p>... <div style="clear:both"></div>.<p>Voltar . homepage</p>.</div>..<div id="HPlink" style="width: 100%; text-align: center; float: left;

Chrome Cache Entry: 92

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65446), with CRLF line terminators
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.2899160235776
Encrypted:	false
SSDEEP:
MD5:	3E4BB227FB55271BFE9C9D4A09147BD8
SHA1:	156837F75F6600CCB602B4EFCBD393636C33F35E
SHA-256:	EE11E902416A1D896F538103110337B39A0E2E2606BC1FAF5CD0652914891127
SHA-512:	F7810EF9DF875A7FDFA7228F7E2F95DD34E18B57F56A46383198EBCC591E32F633B0D73CC6B271FBC669347F7FDC114CCE6A6B43681104B25084FE2A1E7BEE49
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}func

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 227 x 44, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4487
Entropy (8bit):	7.939848330364195
Encrypted:	false
SSDEEP:
MD5:	BF95ADABAC975CFABF683CEA4375CDD6
SHA1:	A93902A60B868F39B76729142EBCD4C462660A00
SHA-256:	174B3BB7C4416BD675D599AFC18EE42CFB8EE6960EAEC96F1BB1C65E7C5185A6
SHA-512:	B56FB35021D84EFA5E8520E60C2E460837BBC0DE321A582F5562EA4DBF2A15872BEC9B33757D2E710D7DC7BDD242D0137E3FA8F3ECFD1BA01B62B830958B8B81
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......,......0.-....tEXtSoftware.Adobe ImageReadyq.e<...)IDATx........k`Yd.A..K@DAT...3j......O...E....W..((^x.x..".....)(`D.. " ...N.e..y..=...~...{LwOou.zg....d.....G...1b...#F.X.c.~....M.9.#Fvh`.FK.../.......c..1..pK.g..w....9vSc....Y.0.}{Z.,..c...n.T[./.4.Z..zK-ba..c.........+(...]...,..k(!..!.8.K;[..R].....?.s..7.z.f[..y.....Q..t.Y..-..7.I.t.t:...Q..a.e.uK/...9.d.FZ*....)..wR.t8..a.q.Zz...l....Q0.G...,.li..Q......nL.i....,.D0.@=-]gi..#...\|...o..(...?..Qb.....Qa.9.ci....a......g7..kM. 7..-.GP......l..<KOc...H.n.H{oKG.#O ...cF.@7....a.[.p.$<.a.y...P..lO\V]...c....F.F....,...<..N/K.!..,...?...)......&..t4...6n.4"......5..n.>...#M.Y.D.e...K3...;-}............q\....HxQ.._@.../.}......X......c.c.q.....I<.[,.......su..DNZy..Z...G.E.(..m..S...t.f;.n.............P~qH.~..S...S...ZG.Q.cw.M..a={q.v....)O....j....s.....#....U.....S.....'iT.&.........V...4.#{..z..+..l ....z..m.?42..-"..I..]ai!._.&^../.........K."0.5mIrj..=Mp...-My.o3}].

Chrome Cache Entry: 94

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3978
Entropy (8bit):	5.016795265802604
Encrypted:	false
SSDEEP:
MD5:	28A619DD2EFB18D5CE48C1B74DD1C2C3
SHA1:	9CA9900574EED7E670006D415C1D955A03D07D8A
SHA-256:	51A77B84FD1E0904911E2E93D0C39E562473EF9602624AA97161A36FD8937FAA
SHA-512:	3D890AD5283E341977029859EB84BD724B05AB6BCEF60B013C89780B307ADA08A45F88F5D98FE6EF04FE516ABEE5AAD419A344157EC29D4211F899D7D989265C
Malicious:	false
Reputation:	unknown
URL:	https://cgd-assinar.com/files/nbp_popin.css
Preview:	../* page's buttons /...pageButtons{.. position: relative;.. top:30px;.. cursor: default;.. margin-bottom: 30px;..}.....pageButtons > {.. height: 30px;.. margin-top: -30px;.. line-height: 30px;.. position:relative;.. z-index:1;..}.....pageButtons button,...pageButton{.. color: white;.. font-size: 13px;.. padding: 0 10px;.. min-width:100px;.. height:30px;.. background-color: #0071CE;.. border-radius: 15px;.. border: 0;.. cursor: pointer;.. behavior: url(/ficheros/js/PIE.htc);..}...pageButtons button:hover,...pageButton:hover{.. background-color: #c00;..}...pageButtons a{.. color: #0071CE;.. font: 14px Arial;.. text-decoration: underline;..}...pageButtons a:hover{.. color: #c00;..}.....pageButtons > .left{.. text-align: left;..}.....pageButtons > .middle{.. text-align: center;..}.....pageButtons > .right{.. text-align: right;..}.....pageButtons > * > *{.. margin: 0 14px 0 0;.. vertical-align: middle;

Chrome Cache Entry: 95

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	45713
Entropy (8bit):	4.875290984874662
Encrypted:	false
SSDEEP:
MD5:	2FAE4BC1613080360921BF572E71EA87
SHA1:	320BD6685CFE8E482F5E201924D8882150A20D40
SHA-256:	4DC8A1053A0600CDFCDC74F9814DFF2B4E1ABBEFD9D3D0BADF23F35F588E5471
SHA-512:	2C4A826D5C341F6DE1D7FAFA409063536693CD39234ADD974000196AEF23C7520CCF2EB558FE7849792C66BE2F172BDAA0A9959FAC346D6054EBBA7B0BCABCB7
Malicious:	false
Reputation:	unknown
URL:	https://cgd-assinar.com/files/login_and_register.css
Preview:	/---------------------Correcoes -----------------/....strong,b {.. font-size: inherit;.. font-weight: bold;.. color: inherit;..}......body {.. width: 100%;.. height: 100%;.. white-space: nowrap;.. background-color: #FAFAFA;..}....* {.. font-family: "Santander Text", "Arial", sans-serif;.. font-weight: 400;.. font-size: 0;.. color: #323232;.. background-color: transparent;.. text-decoration: none;.. border: none;.. box-sizing: border-box;.. margin: 0;.. padding: 0;.. outline: none;.. -webkit-font-smoothing: antialiased;.. -moz-osx-font-smoothing: grayscale;.. -moz-appearance:none;.. -webkit-appearance:none;.. appearance:none;..}.....header-container {.. position: relative;.. top: 0;.. height: 60px;.. width: 100%;.. padding: 0 calc((100% - 900px) / 2);.. background-color: #FFFFFF;.. box-shadow: 0 0 4px rgba(0,0,0,0.2);.. z-index: 2;..}.....santander-logo {.. width: 120px;.. margin: 17px 0

Chrome Cache Entry: 97

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.577819531114783
Encrypted:	false
SSDEEP:
MD5:	4C8A26E14EDABDD7D6BFBF1472AFC853
SHA1:	F268C3DB54608F753ED9320CB2411B00A40C8D65
SHA-256:	B9224CA870B658AB694ECED1FBB07A971FCE7D0C990E50046929E9968BAF435C
SHA-512:	820B85A739953E8A71E89FEB45BBFB01E2D2F8977D30B0AB11BED28A7CA2B0365595AA7074A3A9780C8DE95E0C8DE839B5C390519F5238E8435F44736CDD497F
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkdxhs9zxJCcRIFDaWTNiQ=?alt=proto
Preview:	CgkKBw2lkzYkGgA=

Static File Info

⊘No static file info