Edit tour

Windows Analysis Report
https://in.xero.com/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow

Overview

General Information

Sample URL:	https://in.xero.com/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow
Analysis ID:	1430558

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://in.xero.com/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1972,i,18444751312920158574,14448086482904008040,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://m.stripe.network/inner.html#url=https%3A%2F%2Fin.xero.com%2Fm%2F538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY%3Futm_source%3DinvoiceEmailPayNowButton%26utm_campaign%3DclassicInvoicesEmailV2PaymentServiceAttached%23paynow&title=Invoice%20INV-83563%20-%20HelloSelf%20(UK)%20Limited&referrer=&muid=NA&sid=NA&version=6&preview=false	HTTP Parser: No favicon
Source: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fin.xero.com%2Fm%2F538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY%3Futm_source%3DinvoiceEmailPayNowButton%26utm_campaign%3DclassicInvoicesEmailV2PaymentServiceAttached%23paynow&title=Invoice%20INV-83563%20-%20HelloSelf%20(UK)%20Limited&referrer=&muid=NA&sid=NA&version=6&preview=false	HTTP Parser: No favicon
Source: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.25/HCaptchaInvisible.html?id=221e024c-4494-4f55-aeea-7c188f7b254a&origin=https%3A%2F%2Fjs.stripe.com	HTTP Parser: No favicon
Source: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.25/HCaptchaInvisible.html?id=221e024c-4494-4f55-aeea-7c188f7b254a&origin=https%3A%2F%2Fjs.stripe.com	HTTP Parser: No favicon
Source: https://js.stripe.com/v3/hcaptcha-invisible-5c57cdf6a837850398ee7d5222b205c1.html#debugMode=false&parentOrigin=https%3A%2F%2Fin.xero.com	HTTP Parser: No favicon
Source: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0e6zzusridhr&host=b.stripecdn.com&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=463b917e-e264-403f-ad34-34af0ee10294&size=invisible&theme=light&origin=https%3A%2F%2Fb.stripecdn.com	HTTP Parser: No favicon
Source: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0e6zzusridhr&host=b.stripecdn.com&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=463b917e-e264-403f-ad34-34af0ee10294&size=invisible&theme=light&origin=https%3A%2F%2Fb.stripecdn.com	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49818 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: in.xero.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49818 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/61@66/194

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://in.xero.com/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1972,i,18444751312920158574,14448086482904008040,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1972,i,18444751312920158574,14448086482904008040,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://in.xero.com/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
about:blank	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fastly-tls12-bam.nr-data.net	162.247.243.29	true	false	unknown
api.hcaptcha.com	104.18.125.91	true	false	unknown
widget.intercom.io	18.244.202.101	true	false	high
js-agent.newrelic.com	162.247.243.39	true	false	high
api-iam.intercom.io	3.210.68.90	true	false	high
stripecdn.map.fastly.net	151.101.192.176	true	false	unknown
r.stripe.com	54.186.23.98	true	false	high
hcaptcha.com	104.18.124.91	true	false	unknown
m.stripe.com	44.240.235.135	true	false	high
dexeqbeb7giwr.cloudfront.net	52.85.132.96	true	false	high
stripe.com	198.137.150.201	true	false	high
www.google.com	74.125.136.106	true	false	high
nexus-websocket-a.intercom.io	35.174.127.31	true	false	high
api2.hcaptcha.com	104.18.124.91	true	false	unknown
merchant-ui-api.stripe.com	198.202.176.81	true	false	high
newassets.hcaptcha.com	104.18.125.91	true	false	unknown
api.stripe.com	34.237.201.68	true	false	high
js.intercomcdn.com	3.163.101.21	true	false	high
in.xero.com	unknown	unknown	false	high
b.stripecdn.com	unknown	unknown	false	unknown
m.stripe.network	unknown	unknown	false	high
bam.nr-data.net	unknown	unknown	false	unknown
product-analytics-bff.xero.com	unknown	unknown	false	high
edge.xero.com	unknown	unknown	false	high
js.stripe.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://js.stripe.com/v3/hcaptcha-invisible-5c57cdf6a837850398ee7d5222b205c1.html#debugMode=false&parentOrigin=https%3A%2F%2Fin.xero.com	false		high
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0e6zzusridhr&host=b.stripecdn.com&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=463b917e-e264-403f-ad34-34af0ee10294&size=invisible&theme=light&origin=https%3A%2F%2Fb.stripecdn.com	false		unknown
https://b.stripecdn.com/stripethirdparty-srv/assets/v20.25/HCaptchaInvisible.html?id=221e024c-4494-4f55-aeea-7c188f7b254a&origin=https%3A%2F%2Fjs.stripe.com	false		unknown
about:blank	false	Avira URL Cloud: safe	low
https://m.stripe.network/inner.html#url=https%3A%2F%2Fin.xero.com%2Fm%2F538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY%3Futm_source%3DinvoiceEmailPayNowButton%26utm_campaign%3DclassicInvoicesEmailV2PaymentServiceAttached%23paynow&title=Invoice%20INV-83563%20-%20HelloSelf%20(UK)%20Limited&referrer=&muid=NA&sid=NA&version=6&preview=false	false		high
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fin.xero.com%2Fm%2F538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY%3Futm_source%3DinvoiceEmailPayNowButton%26utm_campaign%3DclassicInvoicesEmailV2PaymentServiceAttached%23paynow&title=Invoice%20INV-83563%20-%20HelloSelf%20(UK)%20Limited&referrer=&muid=NA&sid=NA&version=6&preview=false	false		high
https://in.xero.com/m/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.244.202.101	widget.intercom.io	United States	16509	AMAZON-02US	false
142.250.105.84	unknown	United States	15169	GOOGLEUS	false
151.101.0.176	unknown	United States	54113	FASTLYUS	false
74.125.136.106	www.google.com	United States	15169	GOOGLEUS	false
23.202.153.232	unknown	United States	20940	AKAMAI-ASN1EU	false
54.162.198.104	unknown	United States	14618	AMAZON-AESUS	false
35.174.127.31	nexus-websocket-a.intercom.io	United States	14618	AMAZON-AESUS	false
198.137.150.81	unknown	United States	3356	LEVEL3US	false
104.18.124.91	hcaptcha.com	United States	13335	CLOUDFLARENETUS	false
142.251.15.95	unknown	United States	15169	GOOGLEUS	false
142.250.9.94	unknown	United States	15169	GOOGLEUS	false
162.247.243.39	js-agent.newrelic.com	United States	13335	CLOUDFLARENETUS	false
3.163.101.21	js.intercomcdn.com	United States	16509	AMAZON-02US	false
3.210.68.90	api-iam.intercom.io	United States	14618	AMAZON-AESUS	false
74.125.138.94	unknown	United States	15169	GOOGLEUS	false
198.137.150.201	stripe.com	United States	3356	LEVEL3US	false
64.233.177.95	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
23.197.109.242	unknown	United States	20940	AKAMAI-ASN1EU	false
52.85.132.96	dexeqbeb7giwr.cloudfront.net	United States	16509	AMAZON-02US	false
44.237.131.121	unknown	United States	16509	AMAZON-02US	false
54.187.159.182	unknown	United States	16509	AMAZON-02US	false
172.253.124.139	unknown	United States	15169	GOOGLEUS	false
23.197.110.27	unknown	United States	20940	AKAMAI-ASN1EU	false
34.237.201.68	api.stripe.com	United States	14618	AMAZON-AESUS	false
54.186.23.98	r.stripe.com	United States	16509	AMAZON-02US	false
151.101.128.176	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
198.202.176.81	merchant-ui-api.stripe.com	United States	22182	AS22182US	false
162.247.243.29	fastly-tls12-bam.nr-data.net	United States	13335	CLOUDFLARENETUS	false
104.18.125.91	api.hcaptcha.com	United States	13335	CLOUDFLARENETUS	false
23.222.193.8	unknown	United States	16625	AKAMAI-ASUS	false
44.240.235.135	m.stripe.com	United States	16509	AMAZON-02US	false
23.202.153.8	unknown	United States	20940	AKAMAI-ASN1EU	false
151.101.192.176	stripecdn.map.fastly.net	United States	54113	FASTLYUS	false

Private

IP
192.168.2.17
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430558
Start date and time:	2024-04-23 21:46:00 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://in.xero.com/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/61@66/194

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.138.94, 172.253.124.139, 172.253.124.100, 172.253.124.102, 172.253.124.113, 172.253.124.138, 172.253.124.101, 142.250.105.84, 23.222.193.8, 34.104.35.123, 23.202.153.232, 23.197.109.242, 23.62.230.45, 23.197.110.27, 23.202.153.8
Excluded domains from analysis (whitelisted): in.xero.com.edgekey.net, e6513.a.akamaiedge.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, new-edge.xero.com.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, e11670.a.akamaiedge.net, product-analytics-bff.xero.com.edgekey.net, clients2.google.com, edgedl.me.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://in.xero.com/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9939534440060545
Encrypted:	false
SSDEEP:
MD5:	56324F867439B020B6883AADEB72470D
SHA1:	9EB5C2C36BE1DAF0CADDF333F5677285C5443D4B
SHA-256:	815BC2E7E466D7C41CB586A6C0A18BFCF795D56B55C901B7D629D6CD6194D069
SHA-512:	3EF247463477578A22BA2B51073C7AAC2EC14EE827E746B9999C4903863319AC4804D72CADE6ABC582D136E4F0F6220262F106B6033701EC53B19667B8C2A952
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.".....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.010878234049291
Encrypted:	false
SSDEEP:
MD5:	13A12223F87C92F9B85B47D9B0747F8D
SHA1:	F92F59831491B546E441FBFCA92087902AA80A46
SHA-256:	6204AAC3CEDF310EFD62CEB968E37319F6694AA20C0C2F86CE9D462A2F8033D6
SHA-512:	30947536380D34BDAA717A9B88D78C7CD67676F37D696C06685999ECEFC522D2C54698D02AB91E47E2781AF11469F3A0D3473AC38D2C2172788194DEF2467678
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...../....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.".....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.014736743371093
Encrypted:	false
SSDEEP:
MD5:	C7196DDA85837B9E1CFFC465D0C2AED5
SHA1:	35C56781561D5166B2B308F4EE9FA7170517F78E
SHA-256:	37AAA41523B9904AB1E4EC5D41BF5DF1BB68DA4A2D2655A089FC2D34D4BB7103
SHA-512:	BB6CB694F491E66FBF7ED69677DF6B301C743813D88BF11192C45816C66E30B26ACF8E7D63D1D53EF0984451499E67DD0157C9370BC772F57B3AF0D36F132C27
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.".....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.00753953415513
Encrypted:	false
SSDEEP:
MD5:	CAA3742BB60F229C57A98C5799F5B4AA
SHA1:	525EE40B7EB68288E50E03BD13E414C9E72B3C4F
SHA-256:	EE0CC5931642B52592ABBB852B28ED147B1EEF23CCD350506D47D706970DBD8E
SHA-512:	C4ED158B0708B1299784F75F44C78F09C42AD5A354E87B593630BF3AC849853C27B76622B9DAFF3EFA98E87B62F457FDBED2B4B99714329A17C4487C6A33A29E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....@w...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.".....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9953254863210943
Encrypted:	false
SSDEEP:
MD5:	65CB40E0FAB070F3DA587986D2EA7463
SHA1:	5B5116A0206F6A44649D2769B586B5DC0C2724BD
SHA-256:	3325B76DA5DA180ED921DDE7B25B544D3EE201B0AC17A9FB2CD307F10CE1D353
SHA-512:	1BECE700B859AA113E8BD870E58C4F4EC90D7F037EB79F3AD8FBD9D627D512EFC07A9F31D1E0D022E94CDF7DB9F8E35C914DE9C2BD8107FBBAE351D2C197D2FD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....gJ....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.".....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 18:46:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.00490294218623
Encrypted:	false
SSDEEP:
MD5:	627AA08A2FF988C6045E69C795F3BD18
SHA1:	91E5D2CBDF186F10F44EEB7D25A1109F298B550E
SHA-256:	959522B0CCC33E26DEF0E4DAE927B4B4FB2A4F7D63841FB42C35249DE5CA1240
SHA-512:	14D05AEB50DEB8C198E269C4E5095DCE7401C56949737081D9DEA1180830D0FD0534857F8DA96E4B4C30E6B0D3DB33D36B6A9BA951D78019B81169BF36715943
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....\|m...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.".....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (65439)
Category:	downloaded
Size (bytes):	73135
Entropy (8bit):	5.293561585952851
Encrypted:	false
SSDEEP:
MD5:	5C57CDF6A837850398EE7D5222B205C1
SHA1:	63C9F93E14EE566E311D22E07EC98B61CE3D25E0
SHA-256:	2E00C971E9745C7D69766032AF00DAFC5063AF270212E8EFAC0C8E6915036593
SHA-512:	895F593EBED0C6981346DB90E39A1EC8500727D670F753EB05C330C716AB6107312AF5C259BA30974888DD5CCA8A9B680EF63062E78BF53C0772B7AF7576753F
Malicious:	false
Reputation:	unknown
URL:	https://js.stripe.com/v3/hcaptcha-invisible-5c57cdf6a837850398ee7d5222b205c1.html
Preview:	<!doctype html><html><head><meta charset="utf-8"/></head><body></body>. prettier-ignore -->.<script>!function(){function t(r){var o=n[r];if(void 0!==o)return o.exports;var i=n[r]={exports:{}};return e[r](i,i.exports,t),i.exports}var e={29317:function(t,e,n){var r=n(56274).Promise;!function(t,e){for(var n in e)t[n]=e[n]}(e,function(t){function e(r){if(n[r])return n[r].exports;var o=n[r]={i:r,l:!1,exports:{}};return t[r].call(o.exports,o,o.exports,e),o.l=!0,o.exports}var n={};return e.m=t,e.c=n,e.d=function(t,n,r){e.o(t,n)\|\|Object.defineProperty(t,n,{enumerable:!0,get:r})},e.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},e.t=function(t,n){if(1&n&&(t=e(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(e.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var o in t)e.d(r,o,

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (945)
Category:	downloaded
Size (bytes):	131882
Entropy (8bit):	5.376896897488642
Encrypted:	false
SSDEEP:
MD5:	64141792105EA4861F9F33294D65AB81
SHA1:	506D9100CAA070005A890BD496DE64C437D6D008
SHA-256:	21758ED084CD0E37E735722EE4F3957EA960628A29DFA6C3CE1A1D47A2D6E4F7
SHA-512:	30E0A9AA84688AC093C09F2F41089C899BF4A9CA5138289D7A4DC64C54BA293936FB2EE6BA724894A09590509863EA7712B6055C28E61639DF4D34520B538759
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/common/react-dom/18.2.0/react-dom.min.js
Preview:	/*. @license React. * react-dom.production.min.js. . Copyright (c) Facebook, Inc. and its affiliates.. . This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. /.(function(){/. Modernizr 3.0.0pre (Custom Build) \| MIT.*/.'use strict';(function(Q,mb){"object"===typeof exports&&"undefined"!==typeof module?mb(exports,require("react")):"function"===typeof define&&define.amd?define(["exports","react"],mb):(Q=Q\|\|self,mb(Q.ReactDOM={},Q.React))})(this,function(Q,mb){function n(a){for(var b="https://reactjs.org/docs/error-decoder.html?invariant="+a,c=1;c<arguments.length;c++)b+="&args[]="+encodeURIComponent(arguments[c]);return"Minified React error #"+a+"; visit "+b+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}.function nb(a,b){Ab(a,b);Ab(a+"Capture",b)}function Ab(a,b){$b[a]=b;for(a=0;a<b.length;a++)cg.add(b[a])}function cj(a){if(Zd.call(dg,a))retu

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 400 x 77, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	12264
Entropy (8bit):	7.976693668160689
Encrypted:	false
SSDEEP:
MD5:	787B8DCD925A7B9F731FF39863AB27DA
SHA1:	2F893C42FBA6EC8993A7171A9FBC32AE106620AF
SHA-256:	3A52CB468D70267EA6F8790F81061D2FFBB4F0AE2EB2EC403FFA5EA6CCDC7325
SHA-512:	49C56C4B9F5878B7CC6E15CA838BFFEC6DD9C9624034A6303CA8BF8F90AE17257DF9BA1C3F26559FC6DF00E5031EED03FC8FB29EE364605EA1D569C674510AE1
Malicious:	false
Reputation:	unknown
URL:	https://in.xero.com/api/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY/getLogo
Preview:	.PNG........IHDR.......M......h2.....sRGB.........gAMA......a.....pHYs...%...%.IR$.../}IDATx^.}.....~.W.5..x.;3.s.5G.=...."..HL.......g..1Qs'J4..;{..,.r...r.......!..r..}S5a]fg..Xv.~..}8.........!CF....0......qi..8.3r$..>...y'..t.z......1..N.P.\|]?r9.JJ..X...[..y...?].Y:.X....B..G..w.......ti.M..}....4.%..Qy..\.%..m.d{..'.....J.d..v.\..=.ic..H.n6..#....^C,.H!n(.^c/.>.2..E....:w.g.h.+,.V....q..OY..TX?y.Bw\|ty.J.N.51##A\Q.=2.R.....P ..c..[..i.ta@...E.&...:........0.....r..~.mXj...J.....8...Q^.,6e.^._.l\|..6...:d.._.:......R..!#_}...w.%..?\....\|.qt.5q...V>...Yw1......S...~C..K..$..DY....9..~,......A......}v..UF......uMb"F.....X.~b..o...ri[Z.............h...J...P.u...!..WP3..-.5....6ca..w^4@@\|1.........."...b.._q...r..a.I..h,..A...Gj"....'6..".h\1.S...........Xu.......V....aW..... 4`/....M..`..R..?!..v...'P.0(.X....d.. l.c..q.G;..........nP*n....!v.wM.w.v..l"ew.Z.{........k......U...........!5.....a.....U..7j"...m\.._........".v.:.P

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	14
Entropy (8bit):	3.6644977792004623
Encrypted:	false
SSDEEP:
MD5:	0CEF85A06BA488876294077160628616
SHA1:	85ED668F4B9369F661F9F5D07AF7FA56F568471D
SHA-256:	E7196C74A5271AB14B6DB5B0D9F1BD22622CB7FD9F5E426F2A4BB578EC268ABE
SHA-512:	E7F076037848AA802510F6B271EFB46FB09A305D2F5EB3CB873145174275FD7F06498AE11F09827213CFF86A0E5563F44F6477D41775CBE228A81FDE828A76E9
Malicious:	false
Reputation:	unknown
Preview:	Invalid Method

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	227843
Entropy (8bit):	5.426943373287834
Encrypted:	false
SSDEEP:
MD5:	31E53CC3A804A6014ED05D318D4310CE
SHA1:	121269CE2829A0E0C9909EBD5E04C04F86BB0A8B
SHA-256:	45DFAD3151CC1F748916DFB060584BB603AE394DA35752E689D2BAFEA19841A1
SHA-512:	BD40DBFCF3C769FD55DAC1971F01F9D0E39AF2E190F8F1C05280F9BFA3825FE7FC10EF1D184EE592350E5B939D8D977FBCEE44B9404C13D8ACDD43CCBD90A264
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/837.105aae41c2cc6739b850.chunk.js
Preview:	(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[837],{82248:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default={width:11,height:7,path:"M5.5 4.2L9.625 0 11 1.4 5.5 7 0 1.4 1.375 0z"}},10966:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default={width:14,height:13,path:"M4 5.5l4-4L6.5 0 0 6.5 6.5 13 8 11.5l-4-4h10v-2z"}},44630:(e,t)=>{"use strict";t.A={width:20,height:20,path:"M10 20C15.5228 20 20 15.5228 20 10C20 4.47715 15.5228 0 10 0C4.47715 0 0 4.47715 0 10C0 15.5228 4.47715 20 10 20ZM5.8313 9.51435L4.54565 10.8L8.4026 14.6569L16.1165 6.94305L14.8308 5.65741L8.4026 12.0856L5.8313 9.51435Z"}},22664:(e,t)=>{"use strict";t.A={width:15,height:15,path:"M4 3h10c.5 0 1 .5 1 1.09v9.82c0 .545-.5 1.09-1 1.09H4c-.5 0-1-.545-1-1.09l.01-9.82C3 3.546 3.5 3 4 3zm0 11h10V4H4v10zM1 0h10c.5 0 1 .5 1 1.09V2h-1v-.91H1V11l1 .018V12H1c-.5 0-1-.5-1-.982V1.09C-.01.545.77 0 1 0z"}},81890:(e,t)=>{"use strict";t.A={width:15,height:15,path

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4706)
Category:	downloaded
Size (bytes):	4707
Entropy (8bit):	5.209342867580516
Encrypted:	false
SSDEEP:
MD5:	8F464F6B465E1BD7C723319B980B0A94
SHA1:	485EA8FC56E26ECFF4BB20354C3998CEB64D6766
SHA-256:	462EC91DA5F13557F7035D0BEB94E88EA21E41DD1576F1A5E1CA66CCE7FC6989
SHA-512:	2A62AFE2A43D00FA57830DDBE37E0002A99FC8006D44A8C2339888E173DC84F96B293D50E01EA0F09173A05EC9BF9DC6FF6B2E9E04CF20F4565B03BAE6F59CE4
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/i6m-wrapper/1.x/i6m-wrapper.js
Preview:	!function(){"use strict";const e=new Event("intercom-wrapper:script-loaded"),t=(e,t,n)=>{var o;null===(o=window.newrelic)\|\|void 0===o\|\|o.addPageAction(e,{kotahiId:t,deploymentEnvironment:"production",...n})},n=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"";return Object.keys(e).filter((t=>null!=e[t])).reduce(((o,i)=>"object"==typeof e[i]&&null!==e[i]?[...o,...n(e[i],t+i+".")]:[...o,t+i]),[])},o=e=>e?{intercomWorkspaceId:e.app_id,intercomSettingsAttributes:n(e)}:{},i=async(e,t)=>{var n,o,i,a,s,r,d;const c=null===(n=e.user)\|\|void 0===n?void 0:n.user_id,w=null===(o=e.company)\|\|void 0===o?void 0:o.company_id,l=null!==(i=null===(a=e.user)\|\|void 0===a?void 0:a.custom_attributes)&&void 0!==i?i:{},u=null!==(s=null===(r=e.company)\|\|void 0===r?void 0:r.custom_attributes)&&void 0!==s?s:{},m={...l,...null!==(d=e.messenger)&&void 0!==d?d:{},app_id:t};return c?(m.user_id=c,m.user_hash=await(async(e,t)=>{var n,o;const i=sessionStorage.getItem(`intercom-user-hash-${e}-${t}

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Category:	downloaded
Size (bytes):	88751
Entropy (8bit):	5.414296471740167
Encrypted:	false
SSDEEP:
MD5:	69CB7809B5011312E716F29B3D19DCE6
SHA1:	833DABFB546D57065AEBA7190B5EE5A2428DFA47
SHA-256:	E039E607C78306C7E029A7FD0ECDB14F86456F16E1A5CE65AA26B4FDF1D38A3C
SHA-512:	4259C8F940CFE4B7EC384E5ABD855713DA7792A955A7B737B75E45E6559A90292ADE59D7CCAB381EA4C2D0FA5109B4ABD9BFA0887C05C9FB1A27469D5E198A69
Malicious:	false
Reputation:	unknown
URL:	https://m.stripe.network/out-4.5.43.js
Preview:	var StripeM=function(e){var t={};function n(r){if(t[r])return t[r].exports;var _=t[r]={i:r,l:!1,exports:{}};return e[r].call(_.exports,_,_.exports,n),_.l=!0,_.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var _ in e)n.d(r,_,function(t){return e[t]}.bind(null,_));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=30)}([function(e,t,n){"use strict";(function(e){n.d(t,"a",(function(){retur

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (930), with no line terminators
Category:	downloaded
Size (bytes):	930
Entropy (8bit):	5.12292712843304
Encrypted:	false
SSDEEP:
MD5:	06BFCD88AF438673A8BF9B845A11AA6E
SHA1:	D024A745032CBE115526ABE648D9FA0F0A10A681
SHA-256:	947AC0903521F5ECEEFC90637C066306A8CA67466CCC188BB0107FB7CFB532D1
SHA-512:	6A37EA27F3AD16DE6BCB4C386D9F09962902AE2F2FDF76B6723CFF8155CD0B9D4504D1EA6ED3C4D5C9D49BE9C636EB9386BB13C9A787A71F02640A8EC939D180
Malicious:	false
Reputation:	unknown
URL:	https://m.stripe.network/inner.html
Preview:	<!doctype html><html><head><meta charset="utf-8"><title>StripeM-Inner</title></head><body><script>!function(){var e=document.createElement("script");e.defer=!0,e.src="out-4.5.43.js",e.onload=function(){var e;window.StripeM&&(e=window.location.hash,/ping=false/.test(e)\|\|(e=(e=e.match(/version=(4\|6)/))?e[1]:"4",window.StripeM.p({t:!0,v:e})),e=function(e){if(window.opener\|\|window.parent\|\|window)try{var i=((t=JSON.parse(e.data)).message\|\|t).action,t=t.message?t.message.payload:t;switch(i){case"ping":window.StripeM.p({t:!0,o:{muid:t.muid,sid:t.sid,referrer:t.referrer,url:t.url,title:t.title,v2:t.v2},v:t.version\|\|"4"});break;case"track":if(!t.source\|\|!t.data)return;window.StripeM.b({muid:t.muid,sid:t.sid,url:t.url,source:t.source,data:t.data},t.version\|\|"4")}}catch(e){}},window.addEventListener?window.addEventListener("message",e,!1):window.attachEvent("onMessage",e))},document.body.appendChild(e)}()</script></body></html>

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (630)
Category:	downloaded
Size (bytes):	10737
Entropy (8bit):	5.327237293204141
Encrypted:	false
SSDEEP:
MD5:	D86DCDBFED4C273C4742744941259902
SHA1:	98089A33D0CF2FA4B3E1BA9B7EEB9B8BA0AC82A7
SHA-256:	4B4969FA4EF3594324DA2C6D78CE8766FBBC2FD121FFF395AEDF997DB0A99A06
SHA-512:	F10E98F579D36CE13E24DBE3050C09D87F12F94578B80EA1891CA485DB48C83619D93A6B74D99639468A746CCE872AF8742CA4DBCECE7A36CFBF097B96B7EAAD
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/common/react/18.2.0/react.min.js
Preview:	/*. @license React. * react.production.min.js. . Copyright (c) Facebook, Inc. and its affiliates.. . This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */.(function(){'use strict';(function(c,x){"object"===typeof exports&&"undefined"!==typeof module?x(exports):"function"===typeof define&&define.amd?define(["exports"],x):(c=c\|\|self,x(c.React={}))})(this,function(c){function x(a){if(null===a\|\|"object"!==typeof a)return null;a=V&&a[V]\|\|a["@@iterator"];return"function"===typeof a?a:null}function w(a,b,e){this.props=a;this.context=b;this.refs=W;this.updater=e\|\|X}function Y(){}function K(a,b,e){this.props=a;this.context=b;this.refs=W;this.updater=e\|\|X}function Z(a,b,.e){var m,d={},c=null,h=null;if(null!=b)for(m in void 0!==b.ref&&(h=b.ref),void 0!==b.key&&(c=""+b.key),b)aa.call(b,m)&&!ba.hasOwnProperty(m)&&(d[m]=b[m]);var l=arguments.length-2;if(1===l)d.children=e;else if(1<l){for(var f=Array(l),k=0;k<l;k++)f[k

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 6952
Category:	downloaded
Size (bytes):	2705
Entropy (8bit):	7.924358202258972
Encrypted:	false
SSDEEP:
MD5:	9D14FC18A381C31EC40B46E504F00F2A
SHA1:	8F3BAEDAE6869A7F23AC6ABCA77EFC7A6CA610F6
SHA-256:	5FC82CB0F0F6AE96F56D660176866866F37B8B81DD740E914FAAF24ED052C26F
SHA-512:	0EDA68A0BD806E5AA22532587AFC0A6A6BCF4DAEB0A4D85413F15E2170D0ADF50103B55400F6ABE1293E5B76358B85C7B3FF57C720A83CCFD859E50ED89F9942
Malicious:	false
Reputation:	unknown
URL:	https://widget.intercom.io/widget/
Preview:	...........Y.s.8..+.wC.0..M...e..m.m.t..&..a.Pk,.,B....G..6....v..~.~.....mM.I..H...J......'}..3..y.!.Re.c&.2d.9M}{..%.....&4.1....J3........b2.x.6I.......[V1.Q..W.&.1..R).V;.%s'.1.uv..D..A..rYY.H.w.i..HA}......6.I.h..."b{.K.{..j.%[......~.....}sBO..z.:z...2....h5S.nd...'.oN.i..9....p.y.4....-...U....\...W..Q..g.9.G2er.{#...D....ha.....qsV.82O;..[9<...^...@....L,Qf...3x,h..fsV02,8..$..e.e....).Ce..i...L$l.S...4.$.Y.c.~.3)Wk.2I.9O......u9.tko.)..Z2...`tb..3&mRg....s...UK.H...@...5..OxH..2{....e.LzDD[..xb-..b..Qm..U..o..b..c._...p.....2.X..C.v..$.p..q...s7.,.iWJ..M.:.w\....^.6..8!y1E9hZ.[/.....4q.4.....l@'T.n.....n-A.c.9z.TiK.5_h......V3/F....nW)Y-...../~.......S.s.V.ET...p+..w3.(..\|.JX.Rhq.y`...j..c....".~A.b...w?.,..z.....].P.8...S..N..m.H.=. ....j.u...z..K.M-w6.k..c...}..3..t.......dF.....`....k.........z....BgU....jv).&..4..Z.VSbC`..i<...){..J.k..kd..;.....Z.....T...y..0.1.n.H...<S[....T...."..<="..L.B..bW1.o.M

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	368
Entropy (8bit):	7.12063513642207
Encrypted:	false
SSDEEP:
MD5:	032A0E2CAC13DFCA4A5AB55BDA676D7D
SHA1:	BAA4EAE01777B7EF91ECBE4DF00CE211976E8FCB
SHA-256:	7BCE0A5C00B7A985D2D4DDDE3578D9D03F521DE9176D63DD6C5338428E7F7D8D
SHA-512:	069CD41E52FEA3FD380C83CCC2AE3F3873D833D0EB417886C2067FCC70BF8EB87DDB44622293A2D37DBD4875E5FFD016F7E489078F74425683ACC5C38B58C6DE
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/favicon.png
Preview:	RIFFh...WEBPVP8X..............ALPHb....O.4.$5z`O.f.D>".l>j=...$[....>`......P@a.J......!..j.a...y.......U =$9...x...\|........?....VP8 ....p...........%..t........x...X..g..37.G.7...1...1........z"je ..)'...7.f0].:y.9...i..~.\Vk..t.l..?U..1.."........}x.x.k./.0.........>..RV....9q".B..4-.Ab.......H.ICDo...i...q........)...t...F.p.....+...so.H..F..3....

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	200
Entropy (8bit):	4.942373347667344
Encrypted:	false
SSDEEP:
MD5:	3437AADDCDF6922D623E172C2D6F9278
SHA1:	F69066CF20141AC93418102D3EEE7C0225B8A623
SHA-256:	35DCC382EB69D00369D708708CDC545F3968B68FA5BBE3E728D11FEDD04F93BB
SHA-512:	2DAE5C5C30C6A0E763D8128F2CE1D467EAD432E582AB4EBB68E23991DB08F57490ABC0EED805FD33FAB5503C1737D9D47D4CC1090AE15D7391593FBB295D66E7
Malicious:	false
Reputation:	unknown
URL:	https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Preview:	<!doctype html><html><head><meta charset="utf-8"/><script defer="defer" src="https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js"></script></head><body></body></html>

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	736512
Entropy (8bit):	5.605994514843957
Encrypted:	false
SSDEEP:
MD5:	6C2E6D8372562C55AF2CD8F27CCE78DB
SHA1:	528ED4B6C1552FCC5F54B471C513862333FCC6E6
SHA-256:	76E5A843C672DEED891886A4FE377D4213485B6D06CBBEF073207C67152213F7
SHA-512:	143C81A047DA4CDB6EDFA34F16A5F49D4A2F89D9006C9474DFC28198CD92134DD495FFD1B0F582E4251B47C9B8F9032D7B8263EDD8768CAE98136E4E7317B39F
Malicious:	false
Reputation:	unknown
URL:	https://js.stripe.com/v3/fingerprinted/js/controller-ba8b88b42c577bf2593713fee22d0114.js
Preview:	!function(){function e(t){var n=i[t];if(void 0!==n)return n.exports;var r=i[t]={id:t,loaded:!1,exports:{}};return a[t](r,r.exports,e),r.loaded=!0,r.exports}var t,n,r,a={94184:function(e,t){var n;!function(){"use strict";function r(){for(var e=[],t=0;t<arguments.length;t++){var n=arguments[t];if(n){var i=typeof n;if("string"===i\|\|"number"===i)e.push(n);else if(Array.isArray(n)&&n.length){var o=r.apply(null,n);o&&e.push(o)}else if("object"===i)for(var s in n)a.call(n,s)&&n[s]&&e.push(s)}}return e.join(" ")}var a={}.hasOwnProperty;e.exports?(r.default=r,e.exports=r):void 0===(n=function(){return r}.apply(t,[]))\|\|(e.exports=n)}()},62322:function(e,t,n){e.exports=n.p+"fingerprinted/data/countryRanges-a050ba825d2a602f9a70b3873de9738c.json"},8464:function(e,t,n){e.exports=n.p+"fingerprinted/data/countries_ar-7995ee218dfd37546f754bd73b67e2cc.json"},90342:function(e,t,n){e.exports=n.p+"fingerprinted/data/countries_bg-c9f7496faecf6cafdeb3cf831b179cc8.json"},32726:function(e,t,n){e.exports=n.p+"f

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3911
Entropy (8bit):	5.264244013382905
Encrypted:	false
SSDEEP:
MD5:	6FF4CB311970127BC2384CAE5DF38E46
SHA1:	0ACC787DC99B2E0B8410652A121725E85D58E92E
SHA-256:	9607AE35CA24B3DAED73E7D42CB1496328F8866DF45449FA9A4CF78AFCE88D83
SHA-512:	F5DE97111CCA187A1E131CE6028DE9136F9714D8DB6229009839AEA337A9D6A48F954317916BD7E7E4ABF5F4C12B52F867BEBA05B2B564CA6B554CDFDF4BCDC2
Malicious:	false
Reputation:	unknown
Preview:	{"status":"AUTHORISED","organisationId":"61aa96af-860c-4b37-9ddf-23eab4696190","orgLegalName":"HelloSelf (UK) Limited","orgName":"HelloSelf (UK) Limited","organisationAddress":"HelloSelf (UK) Limited\r\nHelloSelf UK Ltd, 3Space International House, 6 Canterbury Crescent\r\nLondon\r\nSW9 7QE\r\nGBR","orgCountryCode":"GB","documentType":"INVOICE","documentTitle":"TAX INVOICE","isPdfPreview":false,"isX4XDocument":false,"isRepeatingDocument":false,"showLogo":true,"logoAlignment":"Right","contact":{"id":"85c2f9fa-c8f8-4074-b736-6371582f5941","name":"PMI Excess - Megan Dobstaff","emailAddress":"megan_dobstaff@gensler.com","address":""},"documentNumber":"INV-83563","reference":"Excess \| 150679","dateString":"2024-04-23","expiryDateString":"2024-04-30","showLineItemsHeaders":true,"taxUnitName":"VAT","lineItems":[{"description":"\| AXA Pship \| Session ID: 150679 \| Appt: 11/04/24 \| Jasmine Patel \| Reason of charging: We have been unable to pay this claim in full, because of a member contribution.

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (7698)
Category:	dropped
Size (bytes):	2253154
Entropy (8bit):	5.1158709300874365
Encrypted:	false
SSDEEP:
MD5:	E14A7BD79268B13D573D87EC4F4A827E
SHA1:	A0E92663BBDA5FB39621A69684729250634F74C2
SHA-256:	EF47A5817CDC32EC4E1FE80C31483BB4559105B63770B390A5F4889EE941FDD1
SHA-512:	A0D89463C92E3BDA640AD00C6F76A91472363BB2396F538E5AA05D4635103A1AA38DCA61E76E41DB39236EFA01FFC8E36AD6CEBDD3C64C423B3FC43B1B9F72BA
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html. class="MktRoot". lang="en-US". data-js-controller="Page". data-page-id="Home". data-page-title="Stripe \| Financial Infrastructure for the Internet". data-loading.>. <head>. <script>window.__capturedErrors = [];.window.onerror = function (message, url, line, column, error) { __capturedErrors.push(error); };.window.onunhandledrejection = function(evt) { __capturedErrors.push(evt.reason); }.</script>.<meta. name="sentry-config". data-js-dsn="https://7cd38b0eb2b348b39a6002cc768f91c7@errors.stripe.com/376". data-js-release="0a444c4de625ea1c6f405be75f6c34bf1f257500". data-js-environment="production". data-js-project="mkt".>.. <meta name="experiment-treatments" content="wpp_site_mobile_header_nav_redesign_v2.control.ursula.ea1edd5b-38de-4f58-bc0f-e0a8306a8695.a,acquisition_start_now_copy_change.control.ursula.94da6865-e5fb-423f-a774-1fe1f17491de.a,acquisition_mobile_sticky_nav_cta.control.ursula.abe7afbc-5e31-412c-8be8-78ac4a66586b.m,acquisition_top_ct

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	56
Entropy (8bit):	4.7509038602945655
Encrypted:	false
SSDEEP:
MD5:	5C0D2F592924CF8640BCC49B50E28E3E
SHA1:	430B6AC0493DEFEB5207AD1E2A8B25F14DD5363F
SHA-256:	A1245B1CDD24538FA2E4B17EC76D2AD453F0073A1E958368AEE3D63AE399B518
SHA-512:	79BF2ADAAEA81BDFEF053985B970CB31E512234A1EC10A71966FBE4D70698F1F1A223EB1E066E09C1696273A79D0F22AB598D15842CEA2D0F7D79BB1A45DCAA0
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlpo5wA_K2ogBIFDVNaR8USBQ2_JFKQEhcJpEg3X7tu_5sSBQ1TWkfFEgUNvyRSkA==?alt=proto
Preview:	ChIKBw1TWkfFGgAKBw2/JFKQGgAKEgoHDVNaR8UaAAoHDb8kUpAaAA==

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 493458
Category:	downloaded
Size (bytes):	150799
Entropy (8bit):	7.998173297503546
Encrypted:	true
SSDEEP:
MD5:	B27B573E6B04DAED0B4144A6E206BA93
SHA1:	026B3BC8B3F967D7096191718F9B999C06A090AF
SHA-256:	70371467412BCA4624E5589F75D4A2BB10581E6C4C9CE9F2520AC9DA5A60DECF
SHA-512:	E1787EE13F039FA01B01EF018B70FF38C5BC179EF3AEEA19E013C4DFD308D628FE9BDF91AD9B5BD47489BA1C061E68DFC9A03BA10CE28534516DB2FEFF9C4756
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/vendor-modern.07772018.js
Preview:	...........i{.8.(....6'.!#Z..2...T.v.gb...**=..I,S.BR^.....9X..r......X.....8...oo....0..(e[A4.....q.....Q)c[.,..dw..,......N.}..#m..x}....g[...?s..#/...i......l...Q.q<......Z..Vs.Lgf...........c2;.#.}.h,.oY..3.{9......&A.>&.%....p.......a?.z.9.........<>.o.Xv.....O;.-...1b..p..a...V.qP...3#...^..A'.B.N..........=.^.^.X...2..HS.Y.lg'l..I......d..Zc..}..N...=vey>z.:n........ ...1.W...Ys<..0g/3.......e.$.t"k.]....+j.8..<=q..z]...U..z.0...`..d....u....g...V......^E...Q...e....9...k..8Y3].Af..&.....z...\|i..o....Z`VL.>...0..y..V+c..F...\|.E.hv..3...;2Rb........B."<......Q...&.....s..y>.K.b..Y.p.B@.8y....f.!..^..y...5.Q...V.e.x..8.._..c.JNlS.2kNY.2...-3f...-.@c..AX.a.g....a.....@......5......Y....s%M.V.5q.A.1\Nar-sl.i..c...E.(.ys.U....c..........K....K. .0wNd.3..`6.......S...p<;..1..._;]0.?@....R.l.Y....)...<.E.....I...&.C.._...h.b...&C...W.m7.n1..J~.3.....8K....Q.r... .$!2K..X.F........h.jJ.H..P#0..........\....).@..".1......C.v.N

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.54178832719941
Encrypted:	false
SSDEEP:
MD5:	F447C440ABF2B8AF203938329FE494F8
SHA1:	3E071AE6400D84FB2EBE38EAEE60E1161D9F4556
SHA-256:	11BBA994684E05187E8CB291F03254CE7810FB3EABBC900299F078F2E584550F
SHA-512:	BC05CEC72D8512A1CE483156BDCD963199EBFFD224D991AABAD638D3FA075CD7C96E20B20B85C7224925B8263143772174B3BC824EA258C0B196C83E03007C9F
Malicious:	false
Reputation:	unknown
Preview:	{"errors":[{"code":"media_type_not_acceptable","message":"The Accept header should send a media type of application/json"}],"type":"error.list"}

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (391), with no line terminators
Category:	downloaded
Size (bytes):	391
Entropy (8bit):	5.005217072551161
Encrypted:	false
SSDEEP:
MD5:	BEECCCFC8D2D565628A0AC8E67601C4A
SHA1:	186FFC872ED3B2B4FCE883EEFAAEE2708C3F75C9
SHA-256:	E4AD504BFE2CA3811BC2426DF6314C97676314A42226CA21872D3AADFA579856
SHA-512:	F96F59D101FB02BFDAAF538A1C0319418142AAB8CC5E1F4F28A0AC49383516D85EE7C32DC863DCB5740E1E8E097BFCD05D5661BDD66A718DC12C6EBB799ED40F
Malicious:	false
Reputation:	unknown
URL:	https://js.stripe.com/v3/controller-with-preconnect-beecccfc8d2d565628a0ac8e67601c4a.html
Preview:	<!doctype html><html><head><link rel="preconnect" href="https://api.stripe.com" crossorigin/><meta charset="utf-8"/><script defer="defer" src="https://js.stripe.com/v3/fingerprinted/js/shared-35c77bd82d366601c664789c5f20b551.js"></script><script defer="defer" src="https://js.stripe.com/v3/fingerprinted/js/controller-ba8b88b42c577bf2593713fee22d0114.js"></script></head><body></body></html>

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (419), with no line terminators
Category:	downloaded
Size (bytes):	419
Entropy (8bit):	5.202982003769001
Encrypted:	false
SSDEEP:
MD5:	4C0D839A05613B0F5D6F591F2FF1422C
SHA1:	0B14D4DB020F70EBE4F618E557DA36565BE13089
SHA-256:	7046E325BEE6E4FFD4581616A2B76772F5749FBD45EB77998A1B5810ED476D2E
SHA-512:	46E3F971CBC214CAE62F77AC0567F40C01F17BA4E359CB4DDAAD2D26A9AEA53CC0B0F124DE3BBB0E1802F838EF4875C47B76D08F635A57D414EC2A9FBDB0B7DE
Malicious:	false
Reputation:	unknown
URL:	https://b.stripecdn.com/stripethirdparty-srv/assets/v20.25/HCaptchaInvisible.html?id=221e024c-4494-4f55-aeea-7c188f7b254a&origin=https%3A%2F%2Fjs.stripe.com
Preview:	<!doctype html><html><head><script src="https://hcaptcha.com/1/api.js?onload=captchaLoad&render=explicit" async defer="defer"></script></head><body><div id="root"></div><script src="vendors~AddressAutocomplete~AffirmInContext~AmazonPayButton~AuthMap~DemoPayButton~DynamicMap~GoogleA~35711e2c.292fe004c7b932cf1066.bundle.js"></script><script src="HCaptchaInvisible.b27e55a4db75cd3e653a.bundle.js"></script></body></html>

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (29919), with no line terminators
Category:	downloaded
Size (bytes):	29919
Entropy (8bit):	5.536630461545264
Encrypted:	false
SSDEEP:
MD5:	930AC9802BF439125EF5999945F2C2DA
SHA1:	3EC7B1E7155CA9C8F9F9ABD56D25B1D997590D54
SHA-256:	5F1A7A24206F089ADCD2F4FABA07E77E075C85FF88ABEE9465CCCA2C2AF3686F
SHA-512:	1710A150634AEF2A6E9644E2995944B244749DB16D66F1AF92DB5415978C69061CDF5AD7C448613AF4EC24923DBF7126255DB2298ECF71BACE202253DC9591AC
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/638.b07420b55d4b65b7f045.chunk.js
Preview:	(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[638],{50193:(e,t,a)=>{"use strict";var n=a(41594);var r,i,l,o=function(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}(n);t.rs=void 0,(r=t.rs\|\|(t.rs={})).INITIAL="initial",r.PENDING="pending",r.REJECTED="rejected",r.RESOLVED="resolved",t.oY=void 0,(i=t.oY\|\|(t.oY={})).LOADING_STATUS="setLoadingStatus",i.RESET_OPTIONS="resetOptions",i.SET_BRAINTREE_INSTANCE="braintreeInstance",t.ul=void 0,(l=t.ul\|\|(t.ul={})).NUMBER="number",l.CVV="cvv",l.EXPIRATION_DATE="expirationDate",l.EXPIRATION_MONTH="expirationMonth",l.EXPIRATION_YEAR="expirationYear",l.POSTAL_CODE="postalCode";var s=function(){return(s=Object.assign\|\|function(e){for(var t,a=1,n=arguments.length;a<n;a++)for(var r in t=arguments[a])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function c(e,t){var a={};for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&t.indexOf(n)<0&&(a[n]=e[n]);if(null!=e&&"function"==typ

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	75
Entropy (8bit):	4.094537025438351
Encrypted:	false
SSDEEP:
MD5:	A43C7AC772122FE4D977D94876437F2A
SHA1:	CA7B2EF2734369BB815A7CFA49FFFA5C55BE8635
SHA-256:	029918E68AAC864A6F19969163941C2F437015C3ABC4A448CF35D7F2A0452955
SHA-512:	EF51F0915131A17F7AD354CEDA7C112F05E60438520F4304E3D72E58D9C97F9D4712AB125C7AD71381E3CF7AA5DD2F30D0DE4939D97AC2EF692A2A1DE215651F
Malicious:	false
Reputation:	unknown
Preview:	{error: {message: "The request returned an error. We have been notified."}}

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.208966082694623
Encrypted:	false
SSDEEP:
MD5:	89BE93E81169A3478F5B92F3C91AF580
SHA1:	C62E2852B394952919463742831CB4C66CCA1C8B
SHA-256:	77C5F518D3925E0083F47A20572ADB178B2204D07FAA396A2E3B0AFD803155B9
SHA-512:	0F837CB5A3E3C67CFE10B21FB4965A1B39E4C10CEA9137D03A9D5B743B6F36A02CDE5348752D59C0BF28F9CFA0163D99A7767CCE9255500E5C3E15EA1F74C173
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmkSDdfu27_mxIFDVNaR8USBQ2_JFKQ?alt=proto
Preview:	ChIKBw1TWkfFGgAKBw2/JFKQGgA=

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.459147917027245
Encrypted:	false
SSDEEP:
MD5:	BC32ED98D624ACB4008F986349A20D26
SHA1:	2D3DF8C11D2168CE2C27E0937421D11D85016361
SHA-256:	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
SHA-512:	71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B4E
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.......,..........

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (36028), with no line terminators
Category:	downloaded
Size (bytes):	36028
Entropy (8bit):	5.13737983213806
Encrypted:	false
SSDEEP:
MD5:	7682536729AD9EA1A4DC8E24F4C7568A
SHA1:	52E6D0BBA139CEAF735A3A328F3A458B1450DFC9
SHA-256:	40F537631A8EA71038827C57D604891F13938A49F5208B495D587FCB48AE6B4E
SHA-512:	4D9BA1EC61B84F0417E57BA180F3692D625C4F8E86F2BE2F9B0FD1E4D416837BD18A4A8A0C2150653BF95F8A667C3A0161AEE7CD4CB920B47B3FB713F024BB3E
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/IndexRoute.5869f81b5c3105141012.css
Preview:	.my-bills-DeletedQuote .content-wrapper{height:409px;max-height:330px;padding:40px 21px;width:358px}.my-bills-DeletedQuote .subheading{font-size:15px;line-height:24px}.my-bills-DeletedQuote--copy-container{display:flex;flex-direction:column;height:100%;margin-top:19px}.my-bills-DeletedQuote--illustration{padding:0}.my-bills-Footer{width:100%}.my-bills-Footer--logo-text{color:#59606d;font-size:.8125rem}@media screen and (min-width:600px){.my-bills-Footer{padding:0 20px}}.my-bills-AcceptQuoteAction{margin-right:4px}@media screen and (min-width:600px){.my-bills-AcceptQuoteAction{margin-right:6px}}.my-bills-ActionStatus{font-weight:700;width:-moz-fit-content;width:fit-content}.my-bills-ActionStatus h1{font-size:21px}@media screen and (min-width:1000px){.my-bills-ActionStatus{margin-top:4px;padding-bottom:4px}}@media screen and (min-width:600px){.my-bills-ActionStatus{margin-right:12px}}.my-bills-ActionStatus--accepted{color:#00823c}.my-bills-ActionStatus--declined,.my-bills-ActionStatus--d

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	719
Entropy (8bit):	5.82554034087803
Encrypted:	false
SSDEEP:
MD5:	7758BD88BB4C7D2E2BF13EF8BD74EAF1
SHA1:	1A154470FF44DB6D4AE749425E492D78D0BEF796
SHA-256:	3E43D8BE8C818708C2B2363D9FE387C71B3FB4C86308BDAA0C28818DA363E037
SHA-512:	B2DC9DB961B4D3115AF194F53CB8149E0364A557D91FBEC9E1C0100BBE3A9957E35E36E30E1FD690FD90D33E4B52073C82046570BBF134F52546888047DBB77C
Malicious:	false
Reputation:	unknown
Preview:	{"features":{"custom_theme":true},"c":{"type":"hsw","req":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmIjowLCJzIjoyLCJ0IjoidyIsImQiOiJGeU8yU1Y1SVhVSVFKZVVYdnBDZU9VZlBCWVNsNEdQMkxYSFF3ZU56ZkhWV09HaHlBVlBCeWQ0d0h5dm01T0lRVzV2L21oZUcxaEZucm5GcU8yWFR5b2taZVB3MEtxV3pGWnMwRHVyNFdabWFBakQzbDJ1eGVMa3Y1UW9mQ1c3dWllN0N5Tm9JaEdiT3dtME11bDBDUWhRT1ZVdGZQeW5reVhBZzM1YmhZdmRWNTk1TTQrVTNJM3FpN2hLcDlYWTJDY1EyR0c0QnFRb1VxbU43QjlvM3k2N3JzSWR4dmlzVHVwOVdOVGlSaDY1MUV0TldKZ01oOVYrN3AzVldVY2c0IiwibCI6Imh0dHBzOi8vbmV3YXNzZXRzLmhjYXB0Y2hhLmNvbS9jL2U3OGEzOGMiLCJpIjoic2hhMjU2LW9xYmpSd01LZVV5Z2l2U29SVlhVWnYvckNZMThDYXZuYUZIMXZvU2wyZ2c9IiwiZSI6MTcxMzkwMTg0NywibiI6ImhzdyIsImMiOjEwMDB9.CReotMsDdc2sEx7t-WNDp_1jw7Be_BeD6GHj6SRF-YI"},"pass":true}

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Category:	downloaded
Size (bytes):	210623
Entropy (8bit):	5.2657612513849426
Encrypted:	false
SSDEEP:
MD5:	F1293D9665CF5713B80B2FB0FAB4A84E
SHA1:	A8C21E2D2531F842F02B75A141B2123DF17C6A9D
SHA-256:	573C961FFC4C9ED4FFD7693640512ABCD9A31736CFD49B3EAE812DFBDB3060DB
SHA-512:	4545174F1495ED729AB956F9CFC5C67FC1549A2AA9E8D0F2D3841300F989781A51337769C2B5FB3C5E5B14B9F7A185D4CECF56D15D72AAA5EA6287B05450E826
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/identity/client/1.1.13/identity.js
Preview:	!function(){"use strict";function o(t,e){var r,n=Object.keys(t);return Object.getOwnPropertySymbols&&(r=Object.getOwnPropertySymbols(t),e&&(r=r.filter(function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable})),n.push.apply(n,r)),n}function c(n){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?o(Object(i),!0).forEach(function(e){var t,r;t=n,r=i[e=e],e in t?Object.defineProperty(t,e,{value:r,enumerable:!0,configurable:!0,writable:!0}):t[e]=r}):Object.getOwnPropertyDescriptors?Object.defineProperties(n,Object.getOwnPropertyDescriptors(i)):o(Object(i)).forEach(function(e){Object.defineProperty(n,e,Object.getOwnPropertyDescriptor(i,e))})}return n}function M(e){return(M="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function I(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 35428
Category:	downloaded
Size (bytes):	11457
Entropy (8bit):	7.9808081927848935
Encrypted:	false
SSDEEP:
MD5:	549D63DC73C5770CA6C7ACD1ABDEAAA1
SHA1:	FB9655A72C0F8CEA5DAB9693F1BF14048023AAE2
SHA-256:	53BCEF9ED6F1D7D241585FF81D0B45E4251C7962EAE0E847088C21F9FA1C24CD
SHA-512:	5A61A05E8B7474A36DCE1D0AE3AA307D720D476503498921E99617621BBACBDF942D24C7EA4E3CD6786FF1E45847A2BD50C29D6AFE841947DAE7869C06B420EC
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/vendors~tooltips-modern.8e0f853f.js
Preview:	...........}ms.6.._.y:....9I..ql.IO..q.&..NJS.."U...Z..ww.. E9Io.9..3..I.c..X..u._y..4H;..j..7..Et.D.H.x..S.?_d.....\|.N....G.....GO.>vm.2..\|g-R..fI.gVo.%{.KX........g.,...1.\|8..U.?.-..:..w?.......~........._..x..&...8..s'..3..LD..x..S..q..b1,t)VE.C(Q~Z..Q.M.......5...l.8.2/.Rl..5.d..q-V.!...t...;.Ycw/.H.7zS....#{.7h..C.....y...5./...q..c9Z..3.B..F[~...i...#.^..W.R..V_......x.6`.w.q.....f+.~.V...[........d3..DN._.......dll.2.S+.Tp.H.rY.U&?.3..6._...0....o....,X...'..............i..DYt0.....VqX..jQ..#..n5.="]..Pp.\..]....E...\..s.....S.&zU.3xqI=.._^^..8G\|.5.pH..>.8...H.F@o.....i..F...`J.N..,..R....O..w..G.v...ut18.....~..^......../1.../.......z......tp.u...N...#.h...k.....q...vp...z~...y..8#............t...[......Y.,H$.Q.O..<.^l.....T.Zd..m..L.`.m..S.l.3W.....,.2q.v.\|......n".E..ye..5&G...#....7../.0..Q....Z..>...&.....y.o..p._7..YU....................l...m..~" .i..!i.3...RHGV+......g{.u-...$:i.........p..7..y..Da...U..$..0.2n.(.t..[....

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	176
Entropy (8bit):	5.0830039192559076
Encrypted:	false
SSDEEP:
MD5:	96F5B26D366F47393B3FF36FE7471474
SHA1:	6CAA14FF7E3692BEB752734C28CBEA160C113B7A
SHA-256:	07B6B3D899DD69C0E9EB463E23E10E30E82588EDDF95D15D45BB505C6703A813
SHA-512:	970801461D6E12D7C14752B7844F1C0347650897A8C9C1540BD0CE49CABCFBF760A9B6B891DA828537F6AD49099608F205E5D47149CB71043DC9915E215E8574
Malicious:	false
Reputation:	unknown
URL:	https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js
Preview:	"use strict";(window.webpackChunkStripeJSouter=window.webpackChunkStripeJSouter\|\|[]).push([[913],{9554:function(e,n,r){r.r(n),r.d(n,{loaded:function(){return t}});var t=!0}}]);

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Category:	downloaded
Size (bytes):	617854
Entropy (8bit):	5.3597518902690675
Encrypted:	false
SSDEEP:
MD5:	0909739FC5EED96F5F374478E42F3AA6
SHA1:	0D05EC145BF2F6670D10BEC629D379F87D4FF973
SHA-256:	6E04C6B3BBC03B3BB9C2D9ECB538DA8CCBADCD8DB5DDEE48997BCFBA912450EB
SHA-512:	3F94E1DAA825351479D3EF09AD2212344B89DB1D813FC608BBBE9CE90CDAF509946FECFAE898122DF94C74F911D5FB91DF5600525EE4CA4CDEE6C147F757839E
Malicious:	false
Reputation:	unknown
URL:	https://js.stripe.com/v3
Preview:	!function(){function e(t){var n=o[t];if(void 0!==n)return n.exports;var a=o[t]={id:t,loaded:!1,exports:{}};return r[t](a,a.exports,e),a.loaded=!0,a.exports}var t,n,r={723:function(e,t,n){"use strict";function r(e){l.length\|\|(i(),!0),l[l.length]=e}function o(){for(;d<l.length;){var e=d;if(d+=1,l[e].call(),d>1024){for(var t=0,n=l.length-d;t<n;t++)l[t]=l[t+d];l.length-=d,d=0}}l.length=0,d=0,!1}function a(e){return function(){function t(){clearTimeout(n),clearInterval(r),e()}var n=setTimeout(t,0),r=setInterval(t,50)}}e.exports=r;var i,c,s,u,l=[],d=0,p=void 0!==n.g?n.g:self,m=p.MutationObserver\|\|p.WebKitMutationObserver;"function"==typeof m?(c=1,s=new m(o),u=document.createTextNode(""),s.observe(u,{characterData:!0}),i=function(){c=-c,u.data=c}):i=a(o),r.requestFlush=i,r.makeRequestCallFromTimer=a},5937:function(e,t,n){e.exports=n.p+"fingerprinted/img/abnamro-4445e65420800f96f68cfc67a273f66b.svg"},1520:function(e,t,n){e.exports=n.p+"fingerprinted/img/asn-3d9b1bbff2f8f12105510992dbb37ae8.svg

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Category:	downloaded
Size (bytes):	571166
Entropy (8bit):	5.538028208780883
Encrypted:	false
SSDEEP:
MD5:	AA506978B16DC4EEABE7C31473ED8DAA
SHA1:	9999C9B4B9FB0369F7E5C337D8DDE3F229271AD3
SHA-256:	FBB7940C873CED91C1146BFA2821132025D4F4D91F5F66ABF190925860DBCE62
SHA-512:	263B0C8016BCE44ED2DD69A418AA8C18B07A3C974D7466D48ADB745D09063C90ABEC65D7AD5C60B645B76E3BCF65D0222B7B40BAD4A39A11D6362192843C20C3
Malicious:	false
Reputation:	unknown
URL:	https://js.stripe.com/v3/fingerprinted/js/shared-35c77bd82d366601c664789c5f20b551.js
Preview:	(window.webpackChunkStripeJSinner=window.webpackChunkStripeJSinner\|\|[]).push([[3712],{10723:function(e,t,n){"use strict";function a(e){c.length\|\|(i(),!0),c[c.length]=e}function o(){for(;p<c.length;){var e=p;if(p+=1,c[e].call(),p>1024){for(var t=0,n=c.length-p;t<n;t++)c[t]=c[t+p];c.length-=p,p=0}}c.length=0,p=0,!1}function r(e){return function(){function t(){clearTimeout(n),clearInterval(a),e()}var n=setTimeout(t,0),a=setInterval(t,50)}}e.exports=a;var i,u,l,s,c=[],p=0,d=void 0!==n.g?n.g:self,y=d.MutationObserver\|\|d.WebKitMutationObserver;"function"==typeof y?(u=1,l=new y(o),s=document.createTextNode(""),l.observe(s,{characterData:!0}),i=function(){u=-u,s.data=u}):i=r(o),a.requestFlush=i,a.makeRequestCallFromTimer=r},64198:function(e,t,n){var a=n(12897);e.exports=a},14771:function(e,t,n){n(80290);var a=n(5379);e.exports=a("Array","fill")},9554:function(e,t,n){var a=n(64198);e.exports=a},24883:function(e,t,n){var a=n(57475),o=n(69826),r=TypeError;e.exports=function(e){if(a(e))return e;th

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	369
Entropy (8bit):	6.872823617470407
Encrypted:	false
SSDEEP:
MD5:	B42CB6EDE27D2B5BE4F43C79AB30B9F3
SHA1:	152DE95E673E17E835D94B714555C76F91FD8F16
SHA-256:	6F59F3FEDCC6D879B48025E6ABCCCCC0934818DBE3148419DBD8D62C7C744E75
SHA-512:	A8AF5ABB91BBBF1F6A54FEC64CE40F8D8403EA5143FA61645031DF1C09B07C59FF25CDD063E2B9D8171037809C1654A30069A941E6EF166E86DE2EDA9C7155F1
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............(-.S....PLTE<..<..<..<..<..<..<..<..<..<.....h..o...........R.......~..o.................u.....r.....p....................q.....=.......S.....E.......j....tRNS.F... ....^....orNT..w.....IDAT..e....0.E..6:.).... *....s&..........Rp.?...U....._.p.ry=........U...fk..C...l.g.....s}..[..;/\...W...>B....1.:)..?.....g~.....IEND.B`.

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (41625)
Category:	downloaded
Size (bytes):	387091
Entropy (8bit):	5.502271359574146
Encrypted:	false
SSDEEP:
MD5:	052BF4ABB4128EF78B68C418F7D94678
SHA1:	2B6C44A8CC009017A2909C7AFD71E371E82B7D27
SHA-256:	01908359050DA30C842F89D13AF0447BE961B00B67B46EB61114D1FA48F1BDC9
SHA-512:	FFDE2BB8EA29B67335C886C9E631EC48FCE0EF29E381B0302C40656233B5C3BACBE63CB0C7AB79E0ADE96F8880121B738111031921F1F22CD4131E30911FBFA1
Malicious:	false
Reputation:	unknown
URL:	https://hcaptcha.com/1/api.js?onload=captchaLoad&render=explicit
Preview:	/* https://hcaptcha.com/license */.!function(){"use strict";function t(t){var e=this.constructor;return this.then((function(i){return e.resolve(t()).then((function(){return i}))}),(function(i){return e.resolve(t()).then((function(){return e.reject(i)}))}))}function e(t){return new this((function(e,i){if(!t\|\|"undefined"==typeof t.length)return i(new TypeError(typeof t+" "+t+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var n=Array.prototype.slice.call(t);if(0===n.length)return e([]);var o=n.length;function r(t,i){if(i&&("object"==typeof i\|\|"function"==typeof i)){var s=i.then;if("function"==typeof s)return void s.call(i,(function(e){r(t,e)}),(function(i){n[t]={status:"rejected",reason:i},0==--o&&e(n)}))}n[t]={status:"fulfilled",value:i},0==--o&&e(n)}for(var s=0;s<n.length;s++)r(s,n[s])}))}var i=setTimeout,n="undefined"!=typeof setImmediate?setImmediate:null;function o(t){return Boolean(t&&"undefined"!=typeof t.length)}function r(){}function s(t){if(!(this instanceof

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 210938
Category:	downloaded
Size (bytes):	54058
Entropy (8bit):	7.995302937615491
Encrypted:	true
SSDEEP:
MD5:	E3F42890FD479DD5F9E7CE2B13595746
SHA1:	BF417574CEF96258C8B80637AFD7C4C843288653
SHA-256:	3EF5E13ABA749410B0144B37E79C5D8475E2BB565F7D92671490A5036AB81C5A
SHA-512:	C6F035D05A04DCD9A82EBA207A9CAAF80547DB26FB60A06BD59B8D103A518DE5CE59388D8AD51CCFCE6C2AE1DA048D24A2904EBF3BBA32CB3E72F9659A26DDC8
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/app~tooltips-modern.a27940de.js
Preview:	...........z.F.(..6...&.(.V...3.m....dS...4.Jb(..g......q..$3.s.... .....{Y....$.&.uR....{.s..Kwr}>_..^..h...?......`;.U<...?.....f..t..:g.........9....U...7Q.Z.%0...[...j.(...{..<x..s.f..m.:m...x..t.6..q.?nwl..c..k..'.0...dTo..9[.ukL.Yl....O..ou........x.....8..<...w.8..i.b..m.J.j.b...F..,....{..z..w.C/.7.~8.>Y...\...m{yw2YE14..i....;.Vq:.F.].a...d..a..5.v...{W.p..e.{.....n...........z.7..$\6\|>KT_]hN~..0.E...b.s.L\|7._....m.v.._..Ch6iL.?.......@...W.\:...M..W..M.../..>.$\|:..2..>L.pB...oaf.0H.....o6a.....6....l.0.e...'.8g.{./.7.....;...i..p.uk.`.5....{k.z..e.......@x.@..79...Y0..p..7c.,W...i...o.F:..;A.......f..D{%.$P...&.Y..{.~U.Y....$........&..Aik=.3w.''....3...a..&...%...8K.$`F.%.h.p...h..@Cc.6.jWH.t....^ ..0..>r..G......8...+.... ....v8..S..P_.hw....F.R....}o.{qzk.........rz'!..%.a..FwB....o.x....L.Z..%.#A...3ZM.0.;...M.Zr..;.$....>?......rQg....6a.ae.3.m...vD..Q..O"..^eko....G..w.....xx....24....j...i.L".....P.

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	294433
Entropy (8bit):	4.919897960135226
Encrypted:	false
SSDEEP:
MD5:	2D6E56E859C536646B2F1A76684E2227
SHA1:	374864AE4D33D9F9CA6941DF489A4CEDC4A572F4
SHA-256:	BAFADF9C618FB3D866385426D8AABCBDE2E9983CDC3961CCC2A676A7D1EE438A
SHA-512:	A16B9A803D4BB71B59BC517EAE889472AC87E6536BC9E8B7A5807CD32D34164DE53F6AE4C075E08A633A81146D92BF9FBC2F3EB3B6D7B13FECE5CD6DFA98A417
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/style/xui/22.0.0/xui.min.css
Preview:	html{font-size:100%;-webkit-text-size-adjust:100%}*,:after,:before{box-sizing:inherit}body,form{margin:0;padding:0}label:hover{cursor:pointer}input[type=number]{-moz-appearance:textfield}input::-moz-focus-inner{border:0;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{-webkit-appearance:none;margin:0}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input:-webkit-autofill{-webkit-animation-fill-mode:both;-webkit-animation-name:xui-animation-autofill}textarea{overflow-x:hidden}table{border-collapse:collapse}button::-moz-focus-inner{border:0;padding:0}a{color:#0078c8;cursor:pointer}a:hover{color:#003c64}a:active{color:#002a46}a:focus-visible{color:#003c64}.xui-html{height:100%;min-height:100%}.xui-body{font-smooth:antialiased;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;font-size:var(--x-font-size-medium, .9375rem);line-height:var(--x-line-heig

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 729 x 733, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11377
Entropy (8bit):	7.890567209099171
Encrypted:	false
SSDEEP:
MD5:	4B2AB93362B5F9558F994FDF12E3CA7C
SHA1:	F74E8BE1B8F85457ECDB8BDD8C9646D497257D4E
SHA-256:	786ECD2A5D662201E7F7C7F829763E5B39166453C1C33B253CBF9FE306EE24D9
SHA-512:	5869117D8F4E6C909B2CD74EDA12CCA055A733031E1E21667101C03E1D35FF9457E447A40D9A7777A2709F26D5D03E79C0EEBABFA8AC880368661F3C5243AF4D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................fPLTE......................................................0..@.......p....... ........P..........`.............tRNS...@.p0...` P...n.m.....orNT..w...+.IDATx...b*;.E.y...!!...Ov.3e(.-Y.........P.........................................S....>.71....\|.JX.w.....h2......t.o..r<^.Fkk..........f<...............F......I.7..~.c...A.....c....Te9ie.b...A.........".l2.Z...]R.W..30.g7.oZ.....?.u.t53......Cn..7..Q...{rb...!.w...R.C....q......z[..Q.b..n............=.^.Zd..n..k.a.....-..@2.O<MYZ.w.Hv.p......M..........+..z.u.....K...n&.CJ.......tMk'r[.w.h\|..6.A.!.u.....sI.+....?\|{..q..-.......>.N%....h.....3.l.U..nY}........^vx...fR7+......W..ZWdVsK.u.......,..n..............K._.0...Q.Y.x.......Z&g....8...l.!M.'%.v..!..s....n..jH......]6{..:.n....5{....n.4..6..f.k::n[..M..5....M......v.lx.....v.lx.....v.lx]....v..)..f)V.6.;fc^F....kS.b.pi.Dg..'.6.#f..>D...^wkS;a.......ou.6..f. ...4.6..fc..n..-A..GY.mmj...!.Ve^

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	116946
Entropy (8bit):	5.279696046452288
Encrypted:	false
SSDEEP:
MD5:	74E21B04FC13EFE6E788FCA7016AE74C
SHA1:	3C5E9F21E9403DE9F59A6339DA92C41289E44ED4
SHA-256:	FA38EEBB1ECA7C94241152AE35CEC12209D942905DC49F6D00DBE50636441258
SHA-512:	69F3F17E58E2409C8EACF756429411F6AD127BC3B6E96C7E0CDC7A63199E0CE9BF66DE6909B6DCF3C92DC07D71FFA9039F19CBB5B8AEED6DE1DB47399FAF21C6
Malicious:	false
Reputation:	unknown
URL:	https://b.stripecdn.com/stripethirdparty-srv/assets/v20.25/vendors~AddressAutocomplete~AffirmInContext~AmazonPayButton~AuthMap~DemoPayButton~DynamicMap~GoogleA~35711e2c.292fe004c7b932cf1066.bundle.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[0],{10:function(t,e,n){var r=n(6),o=n(45),i=n(226);r({target:"Object",stat:!0,forced:n(13)((function(){i(1)}))},{keys:function(t){return i(o(t))}})},103:function(t,e){t.exports=function(t){if("function"!=typeof t)throw TypeError(String(t)+" is not a function");return t}},104:function(t,e,n){"use strict";var r=n(320),o=n(51),i=n(251);t.exports=function(t,e,n){var a=r(e);a in t?o.f(t,a,i(0,n)):t[a]=n}},1064:function(t,e,n){"use strict";n.d(e,"a",(function(){return v}));var r=n(9),o=n(361),i=n(1857),a=n(49),c=n(193),u=n(314),s=n(30),f=n(93),l=n(249),p=n(184),h=[];function d(t){var e={};return function(t){var e=t.defaultIntegrations&&r.d(t.defaultIntegrations)\|\|[],n=t.integrations,o=[];if(Array.isArray(n)){var i=n.map((function(t){return t.name})),a=[];e.forEach((function(t){-1===i.indexOf(t.name)&&-1===a.indexOf(t.name)&&(o.push(t),a.push(t.name))})),n.forEach((function(t){-1===a.indexOf(t.name)&&(o.push(t),a.push(t.name))}))}else"funct

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (526), with no line terminators
Category:	downloaded
Size (bytes):	526
Entropy (8bit):	4.844995662196588
Encrypted:	false
SSDEEP:
MD5:	D96C709017743C0759CF3853D1806BA5
SHA1:	72E21587610C49C8305A55E71F73FA88ED618205
SHA-256:	BA2338AA6670580269C762F51C4291DAEF913201AA8F4D4FD166C1A878262652
SHA-512:	974E260ED8BD1D99628FC3248F07179F6EA228E37A6B9D3EF906DBA57571F2DF54D73F93D1F3460902D28A90BD4793BCA35477B2EF8FBF424B9112147F04BCCF
Malicious:	false
Reputation:	unknown
URL:	https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Preview:	!function(){"use strict";var e="https://m.stripe.network",n=window.location.hash,t=/preview=true/.test(n)?"inner-preview.html":"inner.html",o=document.createElement("iframe");o.src="".concat(e,"/").concat(t).concat(n);var i=function(n){if(n.origin===e){var t=window.opener\|\|window.parent\|\|window;if(!t)return;t.postMessage(n.data,"")}else o.contentWindow.postMessage(n.data,"")};window.addEventListener?window.addEventListener("message",i,!1):window.attachEvent("onMessage",i),document.body&&document.body.appendChild(o)}();

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (583), with no line terminators
Category:	downloaded
Size (bytes):	583
Entropy (8bit):	4.922866901699429
Encrypted:	false
SSDEEP:
MD5:	A8CCD32EEAE2573B015B4AAC7604ED0E
SHA1:	8C9C97BEF485EDEA6E7752BEFFD4F3D8D51AA19E
SHA-256:	29108B508F3E3A2258B5FF26CD876D31B87D7861DCD999190E083D25228C8AB7
SHA-512:	B50319539ED61BB6FE3C7D1B4B838F2DDA2C5FD3A6D861F06D76F2F532BCB1CD6BC45A235B43EEA912666E9A2E5115A261D243F9ED5898743433023E22B81A0A
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/main.3cf9c16495486cc66bcb.css
Preview:	.sbt-ErrorComponent{align-items:center;display:flex;height:100%;justify-content:center}.sbt-ErrorComponent--heading{font-size:1.0625rem;line-height:1.75rem}.sbt-ErrorComponent--description{font-size:1.0625rem;margin-bottom:20px}.sbt-ErrorComponent--illustration{padding:0}@media screen and (min-width:600px){.sbt-ErrorComponent--heading{font-size:1.3125rem;line-height:2rem}.sbt-ErrorComponent--illustration{height:400px;padding:56px}}@media screen and (min-width:800px){.sbt-ErrorComponent--heading{font-size:1.875rem;line-height:2.75rem}}.my-bills-SharedLayout--loader{flex-grow:1}

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 13299
Category:	downloaded
Size (bytes):	5191
Entropy (8bit):	7.957287922448704
Encrypted:	false
SSDEEP:
MD5:	1B65C0FE701D4C16A04AE5403AC1C290
SHA1:	0CAF71F5B2167089C84AB7056E73231EACBE5BAF
SHA-256:	6336D7E7231FB0E8FC185004FA4D4D5DE619FC69BA22195BDF49A07AF701C340
SHA-512:	2D90CF9751A2D1F144AFB953FE38E62B04B1C443F11F8F04B409D9338205888ABDADA74CF44FFB5FCDEDC84839EC9462690DFE777152731BCA4BC4DDD7E766C9
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/tooltips-modern.1675f4a2.js
Preview:	...........[.s.6..Wh..!. ..EJ...q.qk..w.x...,&.....[..~....j'.{37..%.X`.....>-.V."..~d.. L.GI.gb0../'.i.%.(.\|..s.\|.d...5.dZ......l.:n....$....y..C.,.!.<..p.J....R>..M....z..d..2.`.I...p,h.......yt..Z..F.s;...hv..g......x]....9m...4m...M.B..v..[B..y^.dS.....&A.3cj......g....u-...\|..C...N.....4ih.;.......5...Q..P..'D=3..<+.6...6..4.d.g.0..".2.."..U."..^...l.u.f......?.4.....yq.S....f..r....H.FR...1{...uK.4...%...%E..`..eOg..}...K..4....<..X...LB9........YL.X...6w....^;.Z..<[k.S.6\|v.U..=...:.c...8Z.w.6..;...X.M..z..w.6P.......q...M..6pp....i.[.E.a.E"....!i...B0.j............v#n.=`.-....q..@...V.na7...........y..A..,.:....m...m...C...........r.....n.K[.:j4t..F.h...x..:^..p...;...8.Z...MF.5....d.........M[.m.!..c..N.....v5. ...8T..>HH..$g.v.t].;8yj.d9.....m83..>.89..K4@Kt4.............Y..n..fH.........i..F=<c.o.j...9.b.....muq'....4.,.../..iv..6b.mW..A..c.}..h....`.x...^.g.GC.1....5.y.vWS.....l.>u...N..0...w4..Fm.9..u.O).S.J.

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (34055), with no line terminators
Category:	downloaded
Size (bytes):	34055
Entropy (8bit):	5.382034135784619
Encrypted:	false
SSDEEP:
MD5:	ED99E2C2B7E432BF1B01B17E26FEA4F1
SHA1:	31B19A9F34FEF2D8C779585F4477CD05A6784FAA
SHA-256:	C64B612E535BAE0B630160E4B0054682C16C475EE18FB18CB2ACF0E92ED99A84
SHA-512:	48E524BD8721D7DDFCEBB9EDFF0D980AA1789193001A61AD53D6A5A5C1EBF09906E4E2591311D8F831A3E83BBCDC3348D5877BE7ED88C475288A6CE4ECBE804F
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/locale.en-NZ.4a8119cde29ca710e9f3.chunk.js
Preview:	"use strict";(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[229],{8301:e=>{e.exports=JSON.parse('{"ACCEPT":"Accept","ACCEPT_MODAL_HEADER_MOBILE":"Are you sure?","ACCEPT_QUOTE_ERROR":"Sorry! An error has occurred and your quote has not been accepted. Please try again.","ACCOUNT_NUMBER":"Account number","ACTIVATED_YOUR_ACCOUNT":"Activated your account?","ACTIVATED_YOUR_ACCOUNT_MESSAGE":"You should have received an email with a link to activate your Xero account.<p>Have you activated your account?</p>","ADDRESS":"Address","AMOUNT_DUE":"Amount due","APP_NAME":"My Bills","AT":"@ ","ATTACHMENTS":"Attachments ({totalCount})","DOWNLOAD_ATTACHMENTS":"Download attachments ({totalCount})","AUSTRALIA_BUSINESS_NUMBER":"ABN","BANNER_COMMENT_SUCCESS":"Your message has been sent","BANNER_ERROR":"Sorry! An error has occurred and your quote has not been {action}. Please try again later","BANNER_MESSAGE":"Thanks! Your quote has been {action} and {orgName} has been notified","BILLING_ADD

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18812), with no line terminators
Category:	downloaded
Size (bytes):	18812
Entropy (8bit):	5.3535049001343
Encrypted:	false
SSDEEP:
MD5:	09EC813B4574067AB37E81D05F9C25C4
SHA1:	0FB792104D812BD0376C9DC05E6D234A2589AC1F
SHA-256:	FBB1DBAE387EBE6836838EBEA3B64BDD7723B60617B80FCCDA795D555A526C31
SHA-512:	9F007B283FDB1AD227E4C48EFCD72656957CAF638D691BFB8D82FA34FB43273B1B73B41F617664234D71034282C96CC1AC713B85220372D82C61BF7E0DD4AFAA
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/564.b5a02b8d5a01ba93520c.chunk.js
Preview:	(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[564],{22926:function(e,t,n){!function(e,t){"use strict";function n(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function r(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?n(Object(r),!0).forEach((function(t){o(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):n(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function a(e){return a="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},a(e)}function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumera

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	474
Entropy (8bit):	4.419883165956976
Encrypted:	false
SSDEEP:
MD5:	69CB34BB24259E111A77A9B5CCFB2CFE
SHA1:	575ABBD10BC2014E1F812C8206CF5B835E85A632
SHA-256:	4F53ECEB4C539FBD76C7960BAAC9C3CF0AC238811C007444BD9016F81EB5EA5B
SHA-512:	5CAC210BA9CCA38CEE0EFE79B416737520DC77A985E1F4ADF49EE5FCD2C5C86858BD6426482C5199BDA149AACA0A89813D784CC5AF1F6650E87194116880C08B
Malicious:	false
Reputation:	unknown
URL:	https://js.stripe.com/v3/.deploy_status_henson.json
Preview:	{"canaryPercentage":0,"deployedRevisions":["1739695951e3525674eb6c066482e4110ba068c7","1ac59292a4c1b11caaa7f03b1f856ef4244e58ca","21421a9e38d8e57e6ee4fc01e6df7b280922b9ca","9e321c785d9a3af96a3a2b825741e252a0ea976b","4f38cb9b573b593aa25d64b0ef5f91aa7dbb2685","9629c5a07b95303271c136dff2ee197591d11e10","71dc521fb7a8d07275eb0b16addfde8236bcc470","737366135d872cce35e57ce9ba491a5f475389f8","9a2758e434df9c6a22c75bcc414ae7c46a599e56","569a682bb637dc2a9adf9acf4cbeca650df73dbc"]}

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (26008), with no line terminators
Category:	downloaded
Size (bytes):	26008
Entropy (8bit):	5.400205313818421
Encrypted:	false
SSDEEP:
MD5:	83C0A3AE20BDB338DE5F1C32594E8A28
SHA1:	1BB16A48E3C00715C03F6DCCFDF886543F8C28AD
SHA-256:	24C6667BF50AF02C957012F598C561091A1C690B70C154762B8116BA887081B4
SHA-512:	6B3EDC6C1BC06C8DD4EEF2D1640F609F2CF3D7601FC92AA6E4E42686EAAE512D6BBB0F7B94394DBB1E8DDF69F9D9BD2172F9D8CCBE26A933E10BA4B38FFEEDD7
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/680.6aaa81dd750ad656b318.chunk.js
Preview:	(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[680],{53233:(e,t,a)=>{"use strict";Object.defineProperty(t,"Ay",{enumerable:!0,get:function(){return s.default}});var l,s=(l=a(31806))&&l.__esModule?l:{default:l}},84278:(e,t,a)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var l=p(a(71508)),s=p(a(5556)),r=p(a(41594)),i=p(a(7129)),n=a(34900),o=p(a(94238)),d=p(a(83668)),u=a(74848);function p(e){return e&&e.__esModule?e:{default:e}}const f=r.default.forwardRef(((e,t)=>{let{characterCounter:a,children:s,fieldClassName:r,hintMessage:p,isFieldLayout:f,isGroup:c,isInvalid:h,isLabelHidden:g,label:b,labelClassName:x,labelRef:m,labelTagType:v,onBlur:y,onClick:C,onKeyDown:w,qaHook:k,validationMessage:M,wrapperIds:I,wrapperProps:E}=e;const P=(0,l.default)(r,f&&`${n.ns}-field-layout`),j=(p\|\|M)&&(0,u.jsx)(o.default,{isInvalid:h,validationMessage:M,hintMessage:p,qaHook:k,wrapperIds:I})\|\|void 0;return(0,u.jsx)(i.default.Consumer,{children:e=>{let{useFl

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	24838
Entropy (8bit):	3.496915319918756
Encrypted:	false
SSDEEP:
MD5:	C169AEE3C6F710672AE66CDB0AE20879
SHA1:	CAA44FB392A6427C7E5C22437137CB771E717C53
SHA-256:	B5107D80D618E1824D266984E1673710D3A6D766E8B3997C52E1E271FB57FA49
SHA-512:	EAE8E4EF77CF5DDCA93303DAD6B1E23E6256426EE82D0E2E20F8869D4EBCDD88E3EDF3DA9755485C3B3857F286B32CCA5F60D609FC4ED5099A82714FB51CDE8D
Malicious:	false
Reputation:	unknown
Preview:	......@@.... .(B..F... .... .....nB........ ......S........ .h....\..(...@......... ..........................................................................................................................+..Y......................................].......................................................................................................................................................................................@..............................................................F................................................................................................................................................................v.............................................................................#...................................................................................................................................................................................

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (30711)
Category:	downloaded
Size (bytes):	32780
Entropy (8bit):	5.28589503233425
Encrypted:	false
SSDEEP:
MD5:	FF2E3BF25D34969239CEA277B666302B
SHA1:	B80AA464141C6DA1A6A3C7B1A69BE833980B2F1B
SHA-256:	95F4D3871468A9CF835156C273861A08830324BCD2B98D72CD89F6158602883C
SHA-512:	A4995CF9C9EA09FCD3B3490AC9FF86D1078D7D8F26411C12A9F9517528176C0800B42F428434DA40B75DE7E9DECE12215720492C808BA0B7792AC28B123DD76C
Malicious:	false
Reputation:	unknown
URL:	https://in.xero.com/m/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached
Preview:	<!doctype html><html lang="en-NZ" class="xui-html"><head><title>Xero</title><meta name="robots" content="noindex,nofollow"/><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link crossorigin href="https://edge.xero.com" rel="preconnect"/><script>;window.NREUM\|\|(NREUM={});NREUM.init={distributed_tracing:{enabled:true},privacy:{cookies_enabled:true},ajax:{deny_list:["bam.nr-data.net"]}};. window.NREUM\|\|(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var o=e[n]={exports:{}};t[n][0].call(o.exports,function(e){var o=t[n][1][e];return r(o\|\|e)},o,o.exports)}return e[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<n.length;o++)r(n[o]);return r}({1:[function(t,e,n){function r(t){try{s.console&&console.log(t)}catch(e){}}var o,i=t("ee"),a=t(31),s={};try{o=localStorage.getItem("__nr_flags").split(","),console&&"function"==typeof console.log&&(s.console=!0,o.indexOf("dev")!==-1&&(s.dev=!0),o.indexOf("nr_dev")

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1165)
Category:	downloaded
Size (bytes):	1725
Entropy (8bit):	5.380373079374969
Encrypted:	false
SSDEEP:
MD5:	3D1F28CAF6C2BAB68E6F70FA0952E46B
SHA1:	626164A4B3EF5DA55C2D6C2B6F89E271DD622767
SHA-256:	E1308539D9AE9C8C04A21CABD5BC4FFBA8436C143B32C4FCD6329BEB38D25118
SHA-512:	1092817CFF8923399626752BC9058FE58037BE67A9108535E8CDF770F51DF3712D1A09731796C40F6CED20CEBD11084334E34FA12C2C1F73A07914FD65A0C7DB
Malicious:	false
Reputation:	unknown
URL:	https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Preview:	<!DOCTYPE html>.<html lang="en">.<head>.<title>hCaptcha</title>.<meta charset="utf-8">.<meta http-equiv="X-UA-Compatible" content="IE=edge">.<meta http-equiv="Content-Security-Policy" content="object-src 'none'; base-uri 'self'; worker-src blob:; script-src 'self' https: 'unsafe-eval' 'sha256-AZCDWQUNowyEL4nROvBEe+lhsAtntG62ERTR+kjxvck=';">.<style type="text/css">*{-webkit-tap-highlight-color:transparent;-webkit-font-smoothing:antialiased}body,html{margin:0;padding:0;font-family:-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen,Ubuntu,"Helvetica Neue",Arial,sans-serif;overflow:hidden;height:100%;width:100%}fieldset{margin:0;padding:15px 20px;border:none}button:focus,input:focus,select:focus,textarea:focus{outline:0}:focus{border:none;outline:0}textarea{border:none;overflow:auto;outline:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;resize:none}.no-selection{-webkit-touch-callout:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:non

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18233)
Category:	downloaded
Size (bytes):	18307
Entropy (8bit):	5.299257866469154
Encrypted:	false
SSDEEP:
MD5:	B2C9E79BB9D0B77EB9EAEDCF701AF07A
SHA1:	CE16CB6C1B659E32A550E800EBE9403F40ADFC0F
SHA-256:	3132461EC63AA7D365E4C13C9A089825675B0FA7D3AA071B96A06E393950022A
SHA-512:	DC17A977C75667DDFB241FEB7D1E7EA9DEB6ADDD773C7D73DC66D910F783BA9735DC3FBC887461A2DF8D979F56D093865218BB6D33CF18430560AEB49D5674BD
Malicious:	false
Reputation:	unknown
URL:	https://b.stripecdn.com/stripethirdparty-srv/assets/v20.25/HCaptchaInvisible.b27e55a4db75cd3e653a.bundle.js
Preview:	!function(t){function e(e){for(var n,a,c=e[0],u=e[1],s=e[2],l=0,p=[];l<c.length;l++)a=c[l],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&p.push(o[a][0]),o[a]=0;for(n in u)Object.prototype.hasOwnProperty.call(u,n)&&(t[n]=u[n]);for(f&&f(e);p.length;)p.shift()();return i.push.apply(i,s\|\|[]),r()}function r(){for(var t,e=0;e<i.length;e++){for(var r=i[e],n=!0,c=1;c<r.length;c++){var u=r[c];0!==o[u]&&(n=!1)}n&&(i.splice(e--,1),t=a(a.s=r[0]))}return t}var n={},o={16:0},i=[];function a(e){if(n[e])return n[e].exports;var r=n[e]={i:e,l:!1,exports:{}};return t[e].call(r.exports,r,r.exports,a),r.l=!0,r.exports}a.m=t,a.c=n,a.d=function(t,e,r){a.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:r})},a.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},a.t=function(t,e){if(1&e&&(t=a(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 529834
Category:	downloaded
Size (bytes):	145451
Entropy (8bit):	7.998243770803383
Encrypted:	true
SSDEEP:
MD5:	6AF2B93C09D4A214AD436BCD3568E36D
SHA1:	AB743215BEE82D6E35B33D2BEF7AB704B8FA0A59
SHA-256:	80EA006D3B4945D70023F9C7DB7D256830EFD317A26020B50B49D4185F8D7CFF
SHA-512:	4E63E8B98E775018459745A1D5431A7F26DEE0354C247F5DC232F747EC5AF904D3547545F20FAE3A658B3882AAD616F0317B60F75A187BF1A4CE44CE1DED3D0E
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/frame-modern.14494ffc.js
Preview:	............{.H. .W(^?]`..1)...V.l%+..^.$.",....4-..9...B...{w...7.2.P....0....S;(q...y.a~.q.^.WZ..S/x...>......^n.k.u.7=?r.N.......z....1.......F.o......F......L..6Pr.nR.Q...G..+.Fd....30V..7<.M...g.. ...\|`{0.............?....,.;.0.g....}...]...u./n:./n...,Z.~./.....<l....Q>..~.....`....w...3n.c?.....~..u.j...f....=..r.K..Q.b.J....{...6.MV.77..O=.o7..Y.R...B....Y.......g.....v..aK.....Fe.mm..A?.b...l.ZC.....~0RO.j...jV....v....j.=.n<.j..h.^.s..\j.[..^<.z..Ua.[..<.......ld`..\..l7.X=~..#...-. ^.j.^o.M.lz0..P..`..X.a...vms......jlW`5.[..I....J.m.j.s..7U..........\..8...{.....b....\|....X.zS...-mU.........T.......Q.....j.mV.....l.X.!....c...`.y?..j...U.....{..y...,....g.\|.l.g.b..hm..$..NS.)..cn4..v.)z..UiT.[[..-.7...^...mn.=.]...l.V.....n.....).0.&]4..#.M.`..vc..`...~4........m....o28.b%'..j...5..OcP...W.......p..<Y.-8...fM=.....&,q.p..,.NaX......\!:..!..#&%.N$l.;.I@..iG__w2..]...uz............X..j.4M...v.{.$M.Y...@.....a.'!/.Q...

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65441)
Category:	downloaded
Size (bytes):	947039
Entropy (8bit):	5.428936803124091
Encrypted:	false
SSDEEP:
MD5:	1D0212A390F1E5B2D0AB12D5BC075BC4
SHA1:	4AE9211C0696BD1817935258B22216B499349E39
SHA-256:	579E5C009E0E62843C2D6891C17B15A7728640E34BB69BBC3BC084E43A672BD3
SHA-512:	F82ED56C608ACB2D28F80A5A05C53143927A664BA9D6456C75FFEC7C6E53095BE900DEC79215A6CE302C6DDDF173A52100A481A43BE511EF33C4EF52A5CFB2A3
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/IndexRoute.51d4e02b1491b79fb5ea.chunk.js
Preview:	/! For license information please see IndexRoute.51d4e02b1491b79fb5ea.chunk.js.LICENSE.txt /.(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[952],{8009:(e,t)=>{"use strict";function r(e){return r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},r(e)}var n,a="https://js.stripe.com/v3",i=/^https:\/\/js\.stripe\.com\/v3\/?(\?.*)?$/,o=null,u=function(e){return null!==o\|\|(o=new Promise((function(t,r){if("undefined"!=typeof window&&"undefined"!=typeof document)if(window.Stripe,window.Stripe)t(window.Stripe);else try{var n=function(){for(var e=document.querySelectorAll('script[src^="'.concat(a,'"]')),t=0;t<e.length;t++){var r=e[t];if(i.test(r.src))return r}return null}();n&&e\|\|n\|\|(n=function(e){var t=e&&!e.advancedFraudSignals?"?advancedFraudSignals=false":"",r=document.createElement("script");r.src="".concat(a).concat(t);v

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32010)
Category:	downloaded
Size (bytes):	50049
Entropy (8bit):	5.315307632257224
Encrypted:	false
SSDEEP:
MD5:	63E2DF852D15AB21D7FF8FC4363222E8
SHA1:	7EE401BA652DB0A4EC960350E17216CDA01E22FB
SHA-256:	545156ADEAE44DADC82B98D504F805EBE77FB79C928EF34EED1057BB9D4CB8FE
SHA-512:	BAAD17C762461527B270B57EF294E28BEFF92B3A66829B8DDD8788A791AEBB0A40BE849BFC79FCFC5CB0D7FFC7FD709CA6CD6A61CAC878CE60F585D40F214970
Malicious:	false
Reputation:	unknown
URL:	https://js-agent.newrelic.com/nr-spa-1216.min.js
Preview:	!function(t,n,e){function r(e,o){if(!n[e]){if(!t[e]){var a="function"==typeof __nr_require&&__nr_require;if(!o&&a)return a(e,!0);if(i)return i(e,!0);throw new Error("Cannot find module '"+e+"'")}var s=n[e]={exports:{}};t[e][0].call(s.exports,function(n){var i=t[e][1][n];return r(i\|\|n)},s,s.exports)}return n[e].exports}for(var i="function"==typeof __nr_require&&__nr_require,o=0;o<e.length;o++)r(e[o]);return r}({1:[function(t,n,e){var r=t(46);n.exports=function(t,n){return"addEventListener"in window?window.addEventListener(t,n,r(!1)):"attachEvent"in window?window.attachEvent("on"+t,n):void 0}},{}],2:[function(t,n,e){function r(t,n,e,r){var i=d(t,n,e);return i.stats=a(r,i.stats),i}function i(t,n,e,r,i){var a=d(t,n,e,i);return a.metrics=o(r,a.metrics),a}function o(t,n){return n\|\|(n={count:0}),n.count+=1,v(t,function(t,e){n[t]=a(e,n[t])}),n}function a(t,n){return null==t?s(n):n?(n.c\|\|(n=f(n.t)),n.c+=1,n.t+=t,n.sos+=t*t,t>n.max&&(n.max=t),t<n.min&&(n.min=t),n):{t:t}}function s(t){return t?t.

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65453)
Category:	downloaded
Size (bytes):	703366
Entropy (8bit):	5.474221757712168
Encrypted:	false
SSDEEP:
MD5:	217249B467829E20EDCB9CE529FF53FE
SHA1:	6B86B9A52C4C9D7102B518F3AF5C5D118983E463
SHA-256:	9CCCCBCEDFF99C9FBCFD728C83B1789E024132544A390A84EA4719756F63718B
SHA-512:	B8E4DDF8AA38E4A936A2F388495AE5F2CB3F51A912771C265F7F187C2334109779C8106DD67937B26985E51D47D4F7FD1FC7F58BA7A124710E5C97B2AB37BC3F
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/main.1fa941fbe0b37736643c.js
Preview:	/! For license information please see main.1fa941fbe0b37736643c.js.LICENSE.txt /.(()=>{var e,t,r,n,o={14147:(e,t)=>{"use strict";function r(e){if(void 0===e)return NaN;if(null===e)return 0;if("boolean"==typeof e)return e?1:0;if("number"==typeof e)return e;if("symbol"==typeof e\|\|"bigint"==typeof e)throw new TypeError("Cannot convert symbol/bigint to number");return Number(e)}function n(e,t){return Object.is?Object.is(e,t):e===t?0!==e\|\|1/e==1/t:e!=e&&t!=t}Object.defineProperty(t,"__esModule",{value:!0}),t.msFromTime=t.OrdinaryHasInstance=t.SecFromTime=t.MinFromTime=t.HourFromTime=t.DateFromTime=t.MonthFromTime=t.InLeapYear=t.DayWithinYear=t.DaysInYear=t.YearFromTime=t.TimeFromYear=t.DayFromYear=t.WeekDay=t.Day=t.Type=t.HasOwnProperty=t.ArrayCreate=t.SameValue=t.ToObject=t.TimeClip=t.ToNumber=t.ToString=void 0,t.ToString=function(e){if("symbol"==typeof e)throw TypeError("Cannot convert a Symbol value to a string");return String(e)},t.ToNumber=r,t.TimeClip=function(e){return isFinite(e)?

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	528392
Entropy (8bit):	5.573984311164052
Encrypted:	false
SSDEEP:
MD5:	4342B00F906EEA1D05B94293D52AA8B3
SHA1:	BA41F9126678214599E77D71D64BDBDE14CF65E6
SHA-256:	A2A6E347030A794CA08AF4A84555D466FFEB098D7C09ABE76851F5BE84A5DA08
SHA-512:	043B107D0064373888329063C575E983A8BA842B49F580126611BDA5A17C36D79EC4AB263C088EE0CBC948AAFF0CF109EAE9AFFF8D52728022E6E5820D5AAD5F
Malicious:	false
Reputation:	unknown
URL:	https://newassets.hcaptcha.com/c/e78a38c/hsw.js
Preview:	var hsw=function(){"use strict";function A(A,I,g){return I<=A&&A<=g}function I(A){if(void 0===A)return{};if(A===Object(A))return A;throw TypeError("Could not convert argument to dictionary")}var g=function(A){return A>=0&&A<=127},B=-1;function C(A){this.tokens=[].slice.call(A),this.tokens.reverse()}C.prototype={endOfStream:function(){return!this.tokens.length},read:function(){return this.tokens.length?this.tokens.pop():B},prepend:function(A){if(Array.isArray(A))for(var I=A;I.length;)this.tokens.push(I.pop());else this.tokens.push(A)},push:function(A){if(Array.isArray(A))for(var I=A;I.length;)this.tokens.unshift(I.shift());else this.tokens.unshift(A)}};var Q=-1;function E(A,I){if(A)throw TypeError("Decoder error");return I\|\|65533}function i(A){return A=String(A).trim().toLowerCase(),Object.prototype.hasOwnProperty.call(D,A)?D[A]:null}var D={};[{encodings:[{labels:["unicode-1-1-utf-8","utf-8","utf8"],name:"UTF-8"}],heading:"The Encoding"}].forEach((function(A){A.encodings.forEach((functi

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	79
Entropy (8bit):	3.9905520344529988
Encrypted:	false
SSDEEP:
MD5:	708FD37768AAAC4FAC6B11B43BC538A3
SHA1:	A47D5B07394D4447EAFE830DBC6A4ACBCB40CF33
SHA-256:	F2205C30AB0D0A86CD0D715CF483BAFD550C0EA9D4DDB24E2C182F1D7F024144
SHA-512:	6BED68D78AC26DA769975B5C20D389173B36A1301CA1F118D8EF362DD548DDFF696AC84ABF774882982C4CC61B9F0D337A57BB4FA4E1C4C776F0D901152F3116
Malicious:	false
Reputation:	unknown
URL:	"https://bam.nr-data.net/1/bd61b676be?a=1134228971&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=6923&ck=1&ref=https://in.xero.com/m/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY&be=3991&fe=6267&dc=6248&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1713901586976,%22n%22:0,%22r%22:20,%22re%22:3298,%22f%22:3298,%22dn%22:3299,%22dne%22:3299,%22c%22:3299,%22s%22:3300,%22ce%22:3537,%22rq%22:3537,%22rp%22:3854,%22rpe%22:3988,%22dl%22:3858,%22di%22:5015,%22ds%22:6248,%22de%22:6249,%22dc%22:6268,%22l%22:6268,%22le%22:6271%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=5523&jsonp=NREUM.setToken"
Preview:	NREUM.setToken({'stn':0,'err':1,'ins':1,'spa':1,'sr':0,'srs':0,'st':0,'sts':0})

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 705897
Category:	downloaded
Size (bytes):	166299
Entropy (8bit):	7.99719957204128
Encrypted:	true
SSDEEP:
MD5:	D625DB79DB383FDAEF04243566C4AFCE
SHA1:	602DD72D8ACE3CAF67935FADFA7DBB2F8124AC80
SHA-256:	7F3046C46346778BB29417C58A123A51E6B192997660E5AA4315B84D5ECBC5C6
SHA-512:	50B47A9E4605FDEDDF18D54BA7B01EDB8797EEF02F480475CABF8665908D7669440708CAD92DC6BB4E34924EC613BD630668D9BFBE2780CA17233024F248E2CE
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/vendors~app~tooltips-modern.7e0e68e9.js
Preview:	............s.G./....../......6(H..)K6..D.n..N.(.e.(.P E............S.e[^..v..^...\|x......B..<=..>..k.U.Y...<..df.N..k........G..,Qrs. z.....$..G....(....z.C.E.,x}.n..K..W.x...kq...Ro\M.u/%N~$G.......39WZ.....3..#.j..+xd^r...\|..:Ka..8..c~.....g.Z..v....lf.Xe...c..).%.!...8.Y.>N...XdI..(...8.cf...S....z..ror.D....'J.$[..Yf!...A.>..y..j.<..G>\|d.-V....z....l<.G.K..,.`G...Ex..sg..h?N..v.{....g....$zyI..~.22x.M..w.&+....S.E.+..y.Y.../..B..[of..j...gT<.Y...7..K......{\..sH.W.tr2W...b...*.OG..9=?.b.......H4....B..$.......t.<.....kx}......3......R.]{...V....c..F;D..I..T...).d5.6=L4v..e.~...<..c.5N-..)>4_z.....e7sv...I...9x.d5.,zL..C...hSu.f...%..9.t.x.,X.,.PQOXE.Z(.6[..&W$....v5.?N.8.G........K..Ef............1.X........j.)..O6;,....\...^;..?...S.%.OM.z............d.<./CI.f.DG...9)...0...1=.&\|........=.T.%qn..1-)-...q.....w..uy....L......".e...v.fFJj..[i..n%......e..WsxG.-.l.0...... ..w!T.D..'..!...N.d..[N[)yW.>Yt..:....\|...>.......&.Y_=

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://in.xero.com/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 125

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 149

Chrome Cache Entry: 151

Windows Analysis Report
https://in.xero.com/538xzi7jR6vpCOoeVZX9FI8QyXA91hfWBxTy9jvY?utm_source=invoiceEmailPayNowButton&utm_campaign=classicInvoicesEmailV2PaymentServiceAttached#paynow