Edit tour

Windows Analysis Report
https://in.xero.com/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t

Overview

General Information

Sample URL:	https://in.xero.com/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t
Analysis ID:	1432216

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://in.xero.com/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 1160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1928,i,11331534210279989602,8350307251861396448,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: file:///C:/Users/user/Downloads/Invoice%20INV-0003.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/Invoice%20INV-0003.pdf	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 40.126.29.15:443 -> 192.168.2.18:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.15:443 -> 192.168.2.18:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.50.112.18:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.18:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.18:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:49765 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.29.15

Source: global traffic	DNS traffic detected: DNS query: in.xero.com
Source: global traffic	DNS traffic detected: DNS query: edge.xero.com
Source: global traffic	DNS traffic detected: DNS query: js-agent.newrelic.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: bam.nr-data.net
Source: global traffic	DNS traffic detected: DNS query: product-analytics-bff.xero.com
Source: global traffic	DNS traffic detected: DNS query: widget.intercom.io
Source: global traffic	DNS traffic detected: DNS query: js.intercomcdn.com
Source: global traffic	DNS traffic detected: DNS query: api-iam.intercom.io
Source: global traffic	DNS traffic detected: DNS query: nexus-websocket-a.intercom.io
Source: global traffic	DNS traffic detected: DNS query: www.xero.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 40.126.29.15:443 -> 192.168.2.18:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.15:443 -> 192.168.2.18:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.50.112.18:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.18:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.18:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:49765 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@21/42@32/176

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://in.xero.com/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1928,i,11331534210279989602,8350307251861396448,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1928,i,11331534210279989602,8350307251861396448,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://in.xero.com/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
about:blank	0%	Avira URL Cloud	safe
file:///C:/Users/user/Downloads/Invoice%20INV-0003.pdf	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fastly-tls12-bam.nr-data.net	162.247.243.29	true	false	unknown
widget.intercom.io	13.32.87.112	true	false	high
js-agent.newrelic.com	162.247.243.39	true	false	high
www.google.com	142.250.64.196	true	false	high
api-iam.intercom.io	44.214.72.116	true	false	high
nexus-websocket-a.intercom.io	35.174.127.31	true	false	high
js.intercomcdn.com	13.226.52.91	true	false	high
in.xero.com	unknown	unknown	false	high
edge.xero.com	unknown	unknown	false	high
www.xero.com	unknown	unknown	false	high
bam.nr-data.net	unknown	unknown	false	unknown
product-analytics-bff.xero.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://in.xero.com/m/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t	false		high
about:blank	false	Avira URL Cloud: safe	low
file:///C:/Users/user/Downloads/Invoice%20INV-0003.pdf	false	Avira URL Cloud: safe	low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.189.142	unknown	United States	15169	GOOGLEUS	false
172.253.123.84	unknown	United States	15169	GOOGLEUS	false
44.214.72.116	api-iam.intercom.io	United States	14618	AMAZON-AESUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
192.178.50.46	unknown	United States	15169	GOOGLEUS	false
34.199.118.93	unknown	United States	14618	AMAZON-AESUS	false
184.84.137.134	unknown	United States	16625	AKAMAI-ASUS	false
13.226.52.91	js.intercomcdn.com	United States	16509	AMAZON-02US	false
13.32.87.112	widget.intercom.io	United States	16509	AMAZON-02US	false
35.174.127.31	nexus-websocket-a.intercom.io	United States	14618	AMAZON-AESUS	false
142.250.64.195	unknown	United States	15169	GOOGLEUS	false
172.217.15.202	unknown	United States	15169	GOOGLEUS	false
34.237.73.95	unknown	United States	14618	AMAZON-AESUS	false
142.250.64.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
184.84.136.204	unknown	United States	16625	AKAMAI-ASUS	false
162.247.243.29	fastly-tls12-bam.nr-data.net	United States	13335	CLOUDFLARENETUS	false
162.247.243.39	js-agent.newrelic.com	United States	13335	CLOUDFLARENETUS	false
142.250.217.195	unknown	United States	15169	GOOGLEUS	false
23.34.204.146	unknown	United States	577	BACOMCA	false

Private

IP
192.168.2.18

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432216
Start date and time:	2024-04-26 17:33:40 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://in.xero.com/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@21/42@32/176

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.64.195, 142.250.189.142, 172.253.123.84, 184.84.136.204, 34.104.35.123, 184.84.137.134, 23.45.182.83
Excluded domains from analysis (whitelisted): www.bing.com, in.xero.com.edgekey.net, e6513.a.akamaiedge.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, new-edge.xero.com.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, e11670.a.akamaiedge.net, product-analytics-bff.xero.com.edgekey.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, login.live.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:34:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9760486755559596
Encrypted:	false
SSDEEP:
MD5:	D28FFF2C5D4A1E5246B446A52B25F01F
SHA1:	DF1DEE9AB140A51A8F3EF5462193C2979DEFF4F7
SHA-256:	2EB19F1B64DB977196D15A6177AEC9E7CAF51424CA71E14FC70EF7CC4576495E
SHA-512:	B6FD5B5A4F436A0B174910B8BEB26BA6AE7EE6370F9ABBE9D31ED3A641436F5A9FCB08F995DF76B8B2CA6B81A1AC91793D9C92EC245933EAC003E61871460250
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....OM@.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XK\|....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XS\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.XS\|....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.XS\|...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XT\|.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............$.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:34:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992900062099011
Encrypted:	false
SSDEEP:
MD5:	564BDA49C64F7C527385B3AC888BEBD5
SHA1:	327804DB2785321BC7FBC6DDCAA088F98701B8B2
SHA-256:	F33FC36496EB39B50AD4738857160E8981D156E5DD3656CAA33A13AEB21FC23B
SHA-512:	019F24830FA2E3B62C30F939032EDA1007646100FE5580E194E60624DDB6BE7C8134351CFFDE5329D6C17DF3483A1919687EDD6FF9370CF5E9EA191A74E40006
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......5@.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XK\|....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XS\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.XS\|....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.XS\|...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XT\|.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............$.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	4.001864195713254
Encrypted:	false
SSDEEP:
MD5:	E4784067795B25917EB0B8086F138D93
SHA1:	E5608866AFB4D52FD8FA319D32E9F33542D58170
SHA-256:	F1B4E9CD289F9C857FE73D485968338B29E75607439F3B8AA974E949894D7FAA
SHA-512:	0512DCACF1DEC0C9AFD188E2923DC63FD6153A1A9AE0A2DED6C2F97974861BA5B7F7755A13ECF5C2D0F22CD6407E233ABF701FD2D0AB94C370AFA94AF87C82B9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XK\|....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XS\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.XS\|....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.XS\|...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............$.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:34:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9894243539804752
Encrypted:	false
SSDEEP:
MD5:	FA887054253BDCD363ABCB103EF7F6CC
SHA1:	BB88FDD20094F5F38B624F428E8B8F935A052CFD
SHA-256:	5E5BAD633AAD1C434711A571889F92CDA061281AD73A55B0B88EC2A3F7493190
SHA-512:	472314058D8A5E7335327402BB3FFD7CB83F803840E95656478D33A26B822053B39779B06BAEF57E62336AEBD8EF814EE61D13BBD268D06280FE6A4D49FBAE32
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....t)@.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XK\|....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XS\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.XS\|....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.XS\|...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XT\|.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............$.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:34:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.980426627793892
Encrypted:	false
SSDEEP:
MD5:	3ABAE8891AEEC398D89E7DD08B4ECDA9
SHA1:	BA709CE131CDF8AA5AA86A5F48F7C7C451C521D9
SHA-256:	87C395900DBDE58CB0AD71A7DB00A9B035CDE21EEEFE1D400C890801D4612A70
SHA-512:	D5F83B0C9FC544FEB0CA6DED9D15185B9EE3F355D861DF1B8B2F7F923D1FD5D7B417FD247E28923A52419F9ABDB83D2300C4E7C0974CAF8E815A839E0186C2D2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......<@.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XK\|....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XS\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.XS\|....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.XS\|...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XT\|.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............$.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:34:38 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.992289564163142
Encrypted:	false
SSDEEP:
MD5:	0CBECFACDAEC81C2A0BB98D0DCDE2B01
SHA1:	00A61E5438F368017B8A614343CFEF5EEA7FBA6C
SHA-256:	12D2DF47FBF49FE9DA5BC0BFE54A8DA141F50EDA15DA31DE94FAFF3BADEA9FDC
SHA-512:	99E489C2B92F769A59193EA63E310014D1046E8B6A26EDCC8E5D7040E8D9E57C10C07ED340B2592C41AFAC6E1411C2B3DA00E60ADCDD0A91C0E00101C5D7228C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......@.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XK\|....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XS\|....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.XS\|....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.XS\|...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XT\|.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............$.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\75ff2734-d7c5-43d9-b1cd-c1b3dadcf477.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 0 pages (zip deflate encoded)
Category:	dropped
Size (bytes):	17985
Entropy (8bit):	6.703660887586337
Encrypted:	false
SSDEEP:
MD5:	9C5F7491571A09AB1EFE0033B169DE36
SHA1:	1B32FF08FF8DBB49E4F8585275E16377E727308D
SHA-256:	C6F8255D4E7F511A08CACA587E1379E033A957854422F3170D783A10D81521BE
SHA-512:	0C870C94B9035E1AC1C5803CF30B1627E1765CADD5126620593EB69ADCD0085137AF8BC33CE8F34B642573631BED05DDD4143856E526372C265611A1331F126B
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%........1 0 obj.<</Version/1.7/Names 8 0 R/Outlines 2 0 R/Pages 3 0 R/Type/Catalog/Metadata 23 0 R>>.endobj.2 0 obj.<</Type/Outlines/Count 0>>.endobj.3 0 obj.<</Type/Pages/Count 1/Kids[9 0 R]>>.endobj.4 0 obj.<</ModDate(D:20240426153528+00'00)/Author()/CreationDate(D:20240426153528+00'00)/Title()/Creator(Aspose Ltd.)/Subject()/Producer(Aspose.Pdf for .NET 6.6)>>.endobj.6 0 obj.<</Filter/FlateDecode/Length 12>>stream.x..*.........endstream.endobj.7 0 obj.[/PDF].endobj.8 0 obj.<<>>.endobj.9 0 obj.<</Type/Pages/Count 1/Parent 3 0 R/Kids[10 0 R]>>.endobj.10 0 obj.<</Type/Pages/Count 1/Parent 9 0 R/Kids[11 0 R]>>.endobj.11 0 obj.<</Parent 10 0 R/Resources<</Font<</F-0 14 0 R>>/ColorSpace<</DefaultRGB 12 0 R>>/XObject<</im52615 19 0 R/im52616 20 0 R/tg52617 21 0 R>>/ProcSet[/PDF/Text/ImageC/ImageB/ImageI]>>/Type/Page/Contents 22 0 R/MediaBox[0 0 612 792]/Group<</S/Transparency/K false/CS 12 0 R/I true>>>>.endobj.12 0 obj.[/ICCBased 13 0 R].endobj.13 0 obj.<</Filter/FlateDecode/N 3/

C:\Users\user\Downloads\Invoice INV-0003.pdf (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 0 pages (zip deflate encoded)
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	98A43C5F782B63E79F28218C3FD4F9AA
SHA1:	09B0368742E7C8C5130F13CE7B4945BC664E4A24
SHA-256:	55FBF41BD779E5A4C5BABE1E713C722978CC9DC92F408B873976E86092F77C46
SHA-512:	C86684D3E98B61140D6A864F3C434E77411711BB25FDC8468FE7F54F28ADD1B182BB04B1E760CFE5442E29678D0449C0A00A9219FF160C41619A93D416D31C79
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%........1 0 obj.<</Version/1.7/Names 8 0 R/Outlines 2 0 R/Pages 3 0 R/Type/Catalog/Metadata 23 0 R>>.endobj.2 0 obj.<</Type/Outlines/Count 0>>.endobj.3 0 obj.<</Type/Pages/Count 1/Kids[9 0 R]>>.endobj.4 0 obj.<</ModDate(D:20240426153528+00'00)/Author()/CreationDate(D:20240426153528+00'00)/Title()/Creator(Aspose Ltd.)/Subject()/Producer(Aspose.Pdf for .NET 6.6)>>.endobj.6 0 obj.<</Filter/FlateDecode/Length 12>>stream.x..*.........endstream.endobj.7 0 obj.[/PDF].endobj.8 0 obj.<<>>.endobj.9 0 obj.<</Type/Pages/Count 1/Parent 3 0 R/Kids[10 0 R]>>.endobj.10 0 obj.<</Type/Pages/Count 1/Parent 9 0 R/Kids[11 0 R]>>.endobj.11 0 obj.<</Parent 10 0 R/Resources<</Font<</F-0 14 0 R>>/ColorSpace<</DefaultRGB 12 0 R>>/XObject<</im52615 19 0 R/im52616 20 0 R/tg52617 21 0 R>>/ProcSet[/PDF/Text/ImageC/ImageB/ImageI]>>/Type/Page/Contents 22 0 R/MediaBox[0 0 612 792]/Group<</S/Transparency/K false/CS 12 0 R/I true>>>>.endobj.12 0 obj.[/ICCBased 13 0 R].endobj.13 0 obj.<</Filter/FlateDecode/N 3/

C:\Users\user\Downloads\Invoice INV-0003.pdf.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 0 pages (zip deflate encoded)
Category:	dropped
Size (bytes):	41427
Entropy (8bit):	7.122476406561948
Encrypted:	false
SSDEEP:
MD5:	98A43C5F782B63E79F28218C3FD4F9AA
SHA1:	09B0368742E7C8C5130F13CE7B4945BC664E4A24
SHA-256:	55FBF41BD779E5A4C5BABE1E713C722978CC9DC92F408B873976E86092F77C46
SHA-512:	C86684D3E98B61140D6A864F3C434E77411711BB25FDC8468FE7F54F28ADD1B182BB04B1E760CFE5442E29678D0449C0A00A9219FF160C41619A93D416D31C79
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%........1 0 obj.<</Version/1.7/Names 8 0 R/Outlines 2 0 R/Pages 3 0 R/Type/Catalog/Metadata 23 0 R>>.endobj.2 0 obj.<</Type/Outlines/Count 0>>.endobj.3 0 obj.<</Type/Pages/Count 1/Kids[9 0 R]>>.endobj.4 0 obj.<</ModDate(D:20240426153528+00'00)/Author()/CreationDate(D:20240426153528+00'00)/Title()/Creator(Aspose Ltd.)/Subject()/Producer(Aspose.Pdf for .NET 6.6)>>.endobj.6 0 obj.<</Filter/FlateDecode/Length 12>>stream.x..*.........endstream.endobj.7 0 obj.[/PDF].endobj.8 0 obj.<<>>.endobj.9 0 obj.<</Type/Pages/Count 1/Parent 3 0 R/Kids[10 0 R]>>.endobj.10 0 obj.<</Type/Pages/Count 1/Parent 9 0 R/Kids[11 0 R]>>.endobj.11 0 obj.<</Parent 10 0 R/Resources<</Font<</F-0 14 0 R>>/ColorSpace<</DefaultRGB 12 0 R>>/XObject<</im52615 19 0 R/im52616 20 0 R/tg52617 21 0 R>>/ProcSet[/PDF/Text/ImageC/ImageB/ImageI]>>/Type/Page/Contents 22 0 R/MediaBox[0 0 612 792]/Group<</S/Transparency/K false/CS 12 0 R/I true>>>>.endobj.12 0 obj.[/ICCBased 13 0 R].endobj.13 0 obj.<</Filter/FlateDecode/N 3/

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 6952
Category:	downloaded
Size (bytes):	2705
Entropy (8bit):	7.918057698959248
Encrypted:	false
SSDEEP:
MD5:	639100358138073092E32069F4CC78A8
SHA1:	3D232C0EEA72AA8397AAFC8AED2A92A8DD805B4A
SHA-256:	C4342CEFDCAC64B85B860D16B96941B207B635E3EE9A1CEDC2BB04B998C9984D
SHA-512:	8C3B177488232159A7DFF5A60AD4287EBDE5C492B5292CC4DE4BC6F17CFE30E1FA3D155C8A61C046F57928B9F0DA88A2D96319A58D05505EE4BC5BC73058BDE5
Malicious:	false
Reputation:	unknown
URL:	https://widget.intercom.io/widget/
Preview:	...........Y.s.:..+.w'...IJK...R........i...V..c..J..$.}?..;I.e..Z..tt..Lc4.\|.Ed..{..-O^t..nIg..9.!.R%.2.3....9.A..VFj.d.....&..J..n...t..H1..<...a..AL.d..-).. r.m.d.J.....-......Uv..H..^..\|^ZkI.w.q.#....=8.5.M.D.0.LE.v..o..... .6\...x.S...==.G/..._...;...0..V3..l......6...K.b.-y2\U.6M..K...l.I."d?.+.K.Q.... aT.....#.39...........~0K.....(o.>+r.,.......u/x`t..'l..LF.(..Ls..[.4w.^.....'..'..yY7.n..f$Jr_.gY.y<..[...!.....gV...L..J.LRc.#..l.<dm.=..d..x..L.l!.....I.T.rbk$.a.../"Ey.%P..F...#.S....o.+u."...h.b...9.Z..<..n.o.e.[./......W......bS.,M.(..1m... .}.6it.5<.'...z].(..-.gpC.V..pj.NH^.Q..V...<.9ie~.Y.E......].#.]..h...7..nYl...1U....-}.r<..j.....w..2%...N.u..y.{..u}....r...ndawnz=%..n\..Wr-.>.l.b^%.q...@...(X,;.4..O=..........+^N.7!...#.u..n.&H.:.0..Zm....Zu..z].5.Z.....z.=..I...^.x...4...<..b].ne..B......?g:..4n6.9W.K.0...a.."67..k....O.......P2fXa4.T......Nj...;..G...+.......f.B..\|.........fV.f..{.d...?.T.G.)v.2.f.TK.

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	368
Entropy (8bit):	7.12063513642207
Encrypted:	false
SSDEEP:
MD5:	032A0E2CAC13DFCA4A5AB55BDA676D7D
SHA1:	BAA4EAE01777B7EF91ECBE4DF00CE211976E8FCB
SHA-256:	7BCE0A5C00B7A985D2D4DDDE3578D9D03F521DE9176D63DD6C5338428E7F7D8D
SHA-512:	069CD41E52FEA3FD380C83CCC2AE3F3873D833D0EB417886C2067FCC70BF8EB87DDB44622293A2D37DBD4875E5FFD016F7E489078F74425683ACC5C38B58C6DE
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/favicon.png
Preview:	RIFFh...WEBPVP8X..............ALPHb....O.4.$5z`O.f.D>".l>j=...$[....>`......P@a.J......!..j.a...y.......U =$9...x...\|........?....VP8 ....p...........%..t........x...X..g..37.G.7...1...1........z"je ..)'...7.f0].:y.9...i..~.\Vk..t.l..?U..1.."........}x.x.k./.0.........>..RV....9q".B..4-.Ab.......H.ICDo...i...q........)...t...F.p.....+...so.H..F..3....

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.459147917027245
Encrypted:	false
SSDEEP:
MD5:	BC32ED98D624ACB4008F986349A20D26
SHA1:	2D3DF8C11D2168CE2C27E0937421D11D85016361
SHA-256:	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
SHA-512:	71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B4E
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.......,..........

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 209926
Category:	downloaded
Size (bytes):	53858
Entropy (8bit):	7.995253199071009
Encrypted:	true
SSDEEP:
MD5:	BAECEFD335B4E7FCE271D6E3489A58A4
SHA1:	3E5D1AEAE080AC213A8ACC44475EB70908B8F0C1
SHA-256:	3E5216C5C1ECD3EF1DF3F84A9D6E32B7FC14C80B577B0BE14D426462A9B3C798
SHA-512:	18EA0B72094F41A590C749800F8E39AF221CF69AE68A1CAECE69A925D3D0B302825A99233E3053FB1A3D31E846A6FBA932359DF5A45DB049ACF584CCEEAD6080
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/app~tooltips-modern.99a3541c.js
Preview:	...........b.F.(.+.6...&.7).V...3~m...DS...4.Jb(..o._v.............@..]]].2V..Eq.Nc.~....{7w#.O....b..o\?..4X\}....<<..`Z.U4...?.....f..v..:g1.....r.1..........0X-.c..d..yzk..p..O..n.d.<v.e2......lx....."x..O...y.....'..4.6..,...f.Pw...vx...[.E..n.4..y.o]..<.....Qky_...uj..F.P.V...... 4Lf@..4:...FK.^.\.s}.x...ti;.._...m{y.:]..4..h.....(.d#t.....\|~:....Uk.P;..q...k.4...2.....Q.=;vo...h.Q..f.x....d.,......4'?M....uk0.....E...gF....;.....4.7.s.s6.Y...iC....+\|..`qX....+\|......]r.Oc.......-..~\|,..[..,........M.yp......;.\|k...5.I4.Yd.....#..hO<.;`.@B.@.X.X.1..q..`.l.....@.......1..&..[9....LW.f....P..4...k$.;..S...SQ.n...@.WbL.5H.k.....W......1@.)l.o..}o.S.......+/>.._.\|.......M8.(.g..C..,q...q.\|......h.o.Af.&s.+$Z.e.H./....ad......`Q..x4..6r............p...j@.S.h.....w'.....[C\.E.Ow.\....;..M7^.Z.0.S.]5..}.....p.j.u.,.p....p5...nY.77.j..3....s.w<~..1^...%..m.....g......j/.`.....u....nC......)...9.p...M.e.m......g.5.9..3.@..u

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	24838
Entropy (8bit):	3.496915319918756
Encrypted:	false
SSDEEP:
MD5:	C169AEE3C6F710672AE66CDB0AE20879
SHA1:	CAA44FB392A6427C7E5C22437137CB771E717C53
SHA-256:	B5107D80D618E1824D266984E1673710D3A6D766E8B3997C52E1E271FB57FA49
SHA-512:	EAE8E4EF77CF5DDCA93303DAD6B1E23E6256426EE82D0E2E20F8869D4EBCDD88E3EDF3DA9755485C3B3857F286B32CCA5F60D609FC4ED5099A82714FB51CDE8D
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/favicon.ico
Preview:	......@@.... .(B..F... .... .....nB........ ......S........ .h....\..(...@......... ..........................................................................................................................+..Y......................................].......................................................................................................................................................................................@..............................................................F................................................................................................................................................................v.............................................................................#...................................................................................................................................................................................

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.378783493486176
Encrypted:	false
SSDEEP:
MD5:	0FD044E0690466346D751E4995808B9C
SHA1:	F4AFB109DC3333A95E8D6A2E48619217E65E7880
SHA-256:	132444277310C4E22412CB4DAA9F9083D838B90227FDAC830BF6E1D4960B4083
SHA-512:	30171B5D3269970251FA5517D2760B189E8B4B8E9AA050216778D65D177D2C2CF92AC28D95C62DF46E1908B72CC1DFC60EBF1D3B0AC3D4D5AFD3BCE8408B6F8E
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwkc9_ctOD_y_RIFDXmZQ2kSBQ2nJtZ8?alt=proto
Preview:	ChIKBw15mUNpGgAKBw2nJtZ8GgA=

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 493458
Category:	downloaded
Size (bytes):	150799
Entropy (8bit):	7.998173297503546
Encrypted:	true
SSDEEP:
MD5:	B27B573E6B04DAED0B4144A6E206BA93
SHA1:	026B3BC8B3F967D7096191718F9B999C06A090AF
SHA-256:	70371467412BCA4624E5589F75D4A2BB10581E6C4C9CE9F2520AC9DA5A60DECF
SHA-512:	E1787EE13F039FA01B01EF018B70FF38C5BC179EF3AEEA19E013C4DFD308D628FE9BDF91AD9B5BD47489BA1C061E68DFC9A03BA10CE28534516DB2FEFF9C4756
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/vendor-modern.07772018.js
Preview:	...........i{.8.(....6'.!#Z..2...T.v.gb...**=..I,S.BR^.....9X..r......X.....8...oo....0..(e[A4.....q.....Q)c[.,..dw..,......N.}..#m..x}....g[...?s..#/...i......l...Q.q<......Z..Vs.Lgf...........c2;.#.}.h,.oY..3.{9......&A.>&.%....p.......a?.z.9.........<>.o.Xv.....O;.-...1b..p..a...V.qP...3#...^..A'.B.N..........=.^.^.X...2..HS.Y.lg'l..I......d..Zc..}..N...=vey>z.:n........ ...1.W...Ys<..0g/3.......e.$.t"k.]....+j.8..<=q..z]...U..z.0...`..d....u....g...V......^E...Q...e....9...k..8Y3].Af..&.....z...\|i..o....Z`VL.>...0..y..V+c..F...\|.E.hv..3...;2Rb........B."<......Q...&.....s..y>.K.b..Y.p.B@.8y....f.!..^..y...5.Q...V.e.x..8.._..c.JNlS.2kNY.2...-3f...-.@c..AX.a.g....a.....@......5......Y....s%M.V.5q.A.1\Nar-sl.i..c...E.(.ys.U....c..........K....K. .0wNd.3..`6.......S...p<;..1..._;]0.?@....R.l.Y....)...<.E.....I...&.C.._...h.b...&C...W.m7.n1..J~.3.....8K....Q.r... .$!2K..X.F........h.jJ.H..P#0..........\....).@..".1......C.v.N

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	227671
Entropy (8bit):	5.425847817481241
Encrypted:	false
SSDEEP:
MD5:	1105FE9D55F7B1FFA83FE443D17E50A5
SHA1:	381D1FCC886D3E2913716EC2DF8234EE2B6F7C9A
SHA-256:	F3AAFCDD874FFCEB23AAE3F737353CD9D1E419908A7D4096586200D483805854
SHA-512:	7548571448C511431C8285583066CFE6646D3313F801D28FCB203CF5636BB4D4E7BB537682685F7F33F04F20E13117786D460C6F331674F9CB7E82F504848F47
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/837.d2b589355baf3fb3dfc5.chunk.js
Preview:	(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[837],{82248:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default={width:11,height:7,path:"M5.5 4.2L9.625 0 11 1.4 5.5 7 0 1.4 1.375 0z"}},10966:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default={width:14,height:13,path:"M4 5.5l4-4L6.5 0 0 6.5 6.5 13 8 11.5l-4-4h10v-2z"}},44630:(e,t)=>{"use strict";t.A={width:20,height:20,path:"M10 20C15.5228 20 20 15.5228 20 10C20 4.47715 15.5228 0 10 0C4.47715 0 0 4.47715 0 10C0 15.5228 4.47715 20 10 20ZM5.8313 9.51435L4.54565 10.8L8.4026 14.6569L16.1165 6.94305L14.8308 5.65741L8.4026 12.0856L5.8313 9.51435Z"}},22664:(e,t)=>{"use strict";t.A={width:15,height:15,path:"M4 3h10c.5 0 1 .5 1 1.09v9.82c0 .545-.5 1.09-1 1.09H4c-.5 0-1-.545-1-1.09l.01-9.82C3 3.546 3.5 3 4 3zm0 11h10V4H4v10zM1 0h10c.5 0 1 .5 1 1.09V2h-1v-.91H1V11l1 .018V12H1c-.5 0-1-.5-1-.982V1.09C-.01.545.77 0 1 0z"}},81890:(e,t)=>{"use strict";t.A={width:15,height:15,path

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.54178832719941
Encrypted:	false
SSDEEP:
MD5:	F447C440ABF2B8AF203938329FE494F8
SHA1:	3E071AE6400D84FB2EBE38EAEE60E1161D9F4556
SHA-256:	11BBA994684E05187E8CB291F03254CE7810FB3EABBC900299F078F2E584550F
SHA-512:	BC05CEC72D8512A1CE483156BDCD963199EBFFD224D991AABAD638D3FA075CD7C96E20B20B85C7224925B8263143772174B3BC824EA258C0B196C83E03007C9F
Malicious:	false
Reputation:	unknown
Preview:	{"errors":[{"code":"media_type_not_acceptable","message":"The Accept header should send a media type of application/json"}],"type":"error.list"}

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (36028), with no line terminators
Category:	downloaded
Size (bytes):	36028
Entropy (8bit):	5.13737983213806
Encrypted:	false
SSDEEP:
MD5:	7682536729AD9EA1A4DC8E24F4C7568A
SHA1:	52E6D0BBA139CEAF735A3A328F3A458B1450DFC9
SHA-256:	40F537631A8EA71038827C57D604891F13938A49F5208B495D587FCB48AE6B4E
SHA-512:	4D9BA1EC61B84F0417E57BA180F3692D625C4F8E86F2BE2F9B0FD1E4D416837BD18A4A8A0C2150653BF95F8A667C3A0161AEE7CD4CB920B47B3FB713F024BB3E
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/IndexRoute.5869f81b5c3105141012.css
Preview:	.my-bills-DeletedQuote .content-wrapper{height:409px;max-height:330px;padding:40px 21px;width:358px}.my-bills-DeletedQuote .subheading{font-size:15px;line-height:24px}.my-bills-DeletedQuote--copy-container{display:flex;flex-direction:column;height:100%;margin-top:19px}.my-bills-DeletedQuote--illustration{padding:0}.my-bills-Footer{width:100%}.my-bills-Footer--logo-text{color:#59606d;font-size:.8125rem}@media screen and (min-width:600px){.my-bills-Footer{padding:0 20px}}.my-bills-AcceptQuoteAction{margin-right:4px}@media screen and (min-width:600px){.my-bills-AcceptQuoteAction{margin-right:6px}}.my-bills-ActionStatus{font-weight:700;width:-moz-fit-content;width:fit-content}.my-bills-ActionStatus h1{font-size:21px}@media screen and (min-width:1000px){.my-bills-ActionStatus{margin-top:4px;padding-bottom:4px}}@media screen and (min-width:600px){.my-bills-ActionStatus{margin-right:12px}}.my-bills-ActionStatus--accepted{color:#00823c}.my-bills-ActionStatus--declined,.my-bills-ActionStatus--d

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Category:	downloaded
Size (bytes):	210623
Entropy (8bit):	5.2657612513849426
Encrypted:	false
SSDEEP:
MD5:	F1293D9665CF5713B80B2FB0FAB4A84E
SHA1:	A8C21E2D2531F842F02B75A141B2123DF17C6A9D
SHA-256:	573C961FFC4C9ED4FFD7693640512ABCD9A31736CFD49B3EAE812DFBDB3060DB
SHA-512:	4545174F1495ED729AB956F9CFC5C67FC1549A2AA9E8D0F2D3841300F989781A51337769C2B5FB3C5E5B14B9F7A185D4CECF56D15D72AAA5EA6287B05450E826
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/identity/client/1.1.13/identity.js
Preview:	!function(){"use strict";function o(t,e){var r,n=Object.keys(t);return Object.getOwnPropertySymbols&&(r=Object.getOwnPropertySymbols(t),e&&(r=r.filter(function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable})),n.push.apply(n,r)),n}function c(n){for(var e=1;e<arguments.length;e++){var i=null!=arguments[e]?arguments[e]:{};e%2?o(Object(i),!0).forEach(function(e){var t,r;t=n,r=i[e=e],e in t?Object.defineProperty(t,e,{value:r,enumerable:!0,configurable:!0,writable:!0}):t[e]=r}):Object.getOwnPropertyDescriptors?Object.defineProperties(n,Object.getOwnPropertyDescriptors(i)):o(Object(i)).forEach(function(e){Object.defineProperty(n,e,Object.getOwnPropertyDescriptor(i,e))})}return n}function M(e){return(M="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function I(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 35428
Category:	downloaded
Size (bytes):	11457
Entropy (8bit):	7.9808081927848935
Encrypted:	false
SSDEEP:
MD5:	549D63DC73C5770CA6C7ACD1ABDEAAA1
SHA1:	FB9655A72C0F8CEA5DAB9693F1BF14048023AAE2
SHA-256:	53BCEF9ED6F1D7D241585FF81D0B45E4251C7962EAE0E847088C21F9FA1C24CD
SHA-512:	5A61A05E8B7474A36DCE1D0AE3AA307D720D476503498921E99617621BBACBDF942D24C7EA4E3CD6786FF1E45847A2BD50C29D6AFE841947DAE7869C06B420EC
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/vendors~tooltips-modern.8e0f853f.js
Preview:	...........}ms.6.._.y:....9I..ql.IO..q.&..NJS.."U...Z..ww.. E9Io.9..3..I.c..X..u._y..4H;..j..7..Et.D.H.x..S.?_d.....\|.N....G.....GO.>vm.2..\|g-R..fI.gVo.%{.KX........g.,...1.\|8..U.?.-..:..w?.......~........._..x..&...8..s'..3..LD..x..S..q..b1,t)VE.C(Q~Z..Q.M.......5...l.8.2/.Rl..5.d..q-V.!...t...;.Ycw/.H.7zS....#{.7h..C.....y...5./...q..c9Z..3.B..F[~...i...#.^..W.R..V_......x.6`.w.q.....f+.~.V...[........d3..DN._.......dll.2.S+.Tp.H.rY.U&?.3..6._...0....o....,X...'..............i..DYt0.....VqX..jQ..#..n5.="]..Pp.\..]....E...\..s.....S.&zU.3xqI=.._^^..8G\|.5.pH..>.8...H.F@o.....i..F...`J.N..,..R....O..w..G.v...ut18.....~..^......../1.../.......z......tp.u...N...#.h...k.....q...vp...z~...y..8#............t...[......Y.,H$.Q.O..<.^l.....T.Zd..m..L.`.m..S.l.3W.....,.2q.v.\|......n".E..ye..5&G...#....7../.0..Q....Z..>...&.....y.o..p._7..YU....................l...m..~" .i..!i.3...RHGV+......g{.u-...$:i.........p..7..y..Da...U..$..0.2n.(.t..[....

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (407), with no line terminators
Category:	downloaded
Size (bytes):	407
Entropy (8bit):	4.875613820666447
Encrypted:	false
SSDEEP:
MD5:	F1177CF4443D3D19831B79C13D365B61
SHA1:	4518B7E08C72FB43F4BE7D171DF77C7D57D5AB92
SHA-256:	32D732F37F9992244ED9C68825B52E26EF70378ADA1B95D954D73B6688004F0F
SHA-512:	1E8AF7DA7BD843AFE59CBAAE7055BE4D4773818EFF9A97B34E4EA4AA9E7C563205F79E441B9CDE694CCA6433D956433B6B21424D04D5ADCC06D25CFEBE831163
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/ActionModal.3d6e3565f6ea35558b24.css
Preview:	.my-bills-ActionModal--mask{padding:0;z-index:5000}.my-bills-ActionModal--mask .xui-modal{max-width:100%;width:100%}.my-bills-ActionModal--mask .xui-modal--footer{padding-top:0}.my-bills-ActionModal--mask .xui-modal--body{padding:0 20px}@media screen and (min-width:600px){.my-bills-ActionModal--mask .xui-modal{max-width:calc(100vw - 2.5rem);width:400px}}.my-bills-ActionModal--input-label{font-weight:400}

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65453)
Category:	downloaded
Size (bytes):	703335
Entropy (8bit):	5.473769441557876
Encrypted:	false
SSDEEP:
MD5:	ABA8FC826404DB533BF4C65631596F3B
SHA1:	258161C0490B0E1283F364C1F6ABAF166363F4D3
SHA-256:	B04BB5BE3BDD535A6B73CDD01C3EBF491CA36E8081CCB36062B6D3195ACFD7A9
SHA-512:	C31AF6850FC14E84730FFB8F7378C2150F3D6A6509540D1177BECAA63B5F8FB5B06EAD76959996E2EBA469A0A7B4596485AFBDB7F70EF2F7CD47BAFFCB695121
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/main.0534d31874f9c55071ed.js
Preview:	/! For license information please see main.0534d31874f9c55071ed.js.LICENSE.txt /.(()=>{var e,t,r,n,o={14147:(e,t)=>{"use strict";function r(e){if(void 0===e)return NaN;if(null===e)return 0;if("boolean"==typeof e)return e?1:0;if("number"==typeof e)return e;if("symbol"==typeof e\|\|"bigint"==typeof e)throw new TypeError("Cannot convert symbol/bigint to number");return Number(e)}function n(e,t){return Object.is?Object.is(e,t):e===t?0!==e\|\|1/e==1/t:e!=e&&t!=t}Object.defineProperty(t,"__esModule",{value:!0}),t.msFromTime=t.OrdinaryHasInstance=t.SecFromTime=t.MinFromTime=t.HourFromTime=t.DateFromTime=t.MonthFromTime=t.InLeapYear=t.DayWithinYear=t.DaysInYear=t.YearFromTime=t.TimeFromYear=t.DayFromYear=t.WeekDay=t.Day=t.Type=t.HasOwnProperty=t.ArrayCreate=t.SameValue=t.ToObject=t.TimeClip=t.ToNumber=t.ToString=void 0,t.ToString=function(e){if("symbol"==typeof e)throw TypeError("Cannot convert a Symbol value to a string");return String(e)},t.ToNumber=r,t.TimeClip=function(e){return isFinite(e)?

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (30711)
Category:	downloaded
Size (bytes):	32780
Entropy (8bit):	5.286151905711605
Encrypted:	false
SSDEEP:
MD5:	D88FA49A30FCCA22BFCE8C8BCC3EF6CE
SHA1:	7DE11E785E49A3CE3F9CD60D9E6FEE1A126ED8FC
SHA-256:	1BA494196E649E05B9DA7D822EBB09919BCECA8870EB2E1D0DF23A72706AAA52
SHA-512:	2867C351C1CEEEB68F6C63E54FF48767769D67D8CFF6BA7886CF4D43611BEA35217C0E0BA1769AC74B934471DEB9C087B3BCC9450CC13326E50F3F21EF8C2006
Malicious:	false
Reputation:	unknown
URL:	https://in.xero.com/m/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t
Preview:	<!doctype html><html lang="en-NZ" class="xui-html"><head><title>Xero</title><meta name="robots" content="noindex,nofollow"/><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link crossorigin href="https://edge.xero.com" rel="preconnect"/><script>;window.NREUM\|\|(NREUM={});NREUM.init={distributed_tracing:{enabled:true},privacy:{cookies_enabled:true},ajax:{deny_list:["bam.nr-data.net"]}};. window.NREUM\|\|(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var o=e[n]={exports:{}};t[n][0].call(o.exports,function(e){var o=t[n][1][e];return r(o\|\|e)},o,o.exports)}return e[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<n.length;o++)r(n[o]);return r}({1:[function(t,e,n){function r(t){try{s.console&&console.log(t)}catch(e){}}var o,i=t("ee"),a=t(31),s={};try{o=localStorage.getItem("__nr_flags").split(","),console&&"function"==typeof console.log&&(s.console=!0,o.indexOf("dev")!==-1&&(s.dev=!0),o.indexOf("nr_dev")

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (20730), with no line terminators
Category:	downloaded
Size (bytes):	20730
Entropy (8bit):	5.462366852867757
Encrypted:	false
SSDEEP:
MD5:	3303CAC12217337505CEB26EE9C5E199
SHA1:	B06CC32E27FF5FAB33A0AFE4D39FDEAE09ED6627
SHA-256:	4E05E1D81B72C19B8310BCF3CC1EAACA9EF09CA8BB5DE3777A801724A02DB6C1
SHA-512:	3877AC9DD72564B12B38A54A77FEC45809A25C25DADF3A994E23278DD7433D52DF40559029589DA69BD3CDF4EAB2A6939BB75669BCAA40FDD04AA22EFB11DD1E
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/638.106605aeaa4ef14523af.chunk.js
Preview:	(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[638],{50193:(e,t,n)=>{"use strict";var a=n(41594);var r,o,i,l=function(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}(a);t.rs=void 0,(r=t.rs\|\|(t.rs={})).INITIAL="initial",r.PENDING="pending",r.REJECTED="rejected",r.RESOLVED="resolved",t.oY=void 0,(o=t.oY\|\|(t.oY={})).LOADING_STATUS="setLoadingStatus",o.RESET_OPTIONS="resetOptions",o.SET_BRAINTREE_INSTANCE="braintreeInstance",t.ul=void 0,(i=t.ul\|\|(t.ul={})).NUMBER="number",i.CVV="cvv",i.EXPIRATION_DATE="expirationDate",i.EXPIRATION_MONTH="expirationMonth",i.EXPIRATION_YEAR="expirationYear",i.POSTAL_CODE="postalCode";var c=function(){return(c=Object.assign\|\|function(e){for(var t,n=1,a=arguments.length;n<a;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function s(e,t){var n={};for(var a in e)Object.prototype.hasOwnProperty.call(e,a)&&t.indexOf(a)<0&&(n[a]=e[a]);if(null!=e&&"function"==typ

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	79
Entropy (8bit):	3.9905520344529988
Encrypted:	false
SSDEEP:
MD5:	708FD37768AAAC4FAC6B11B43BC538A3
SHA1:	A47D5B07394D4447EAFE830DBC6A4ACBCB40CF33
SHA-256:	F2205C30AB0D0A86CD0D715CF483BAFD550C0EA9D4DDB24E2C182F1D7F024144
SHA-512:	6BED68D78AC26DA769975B5C20D389173B36A1301CA1F118D8EF362DD548DDFF696AC84ABF774882982C4CC61B9F0D337A57BB4FA4E1C4C776F0D901152F3116
Malicious:	false
Reputation:	unknown
URL:	"https://bam.nr-data.net/1/bd61b676be?a=1134228971&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=5683&ck=1&ref=https://in.xero.com/m/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t&be=1576&fe=4660&dc=4645&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1714145676612,%22n%22:0,%22r%22:19,%22re%22:1187,%22f%22:1187,%22dn%22:1187,%22dne%22:1187,%22c%22:1187,%22ce%22:1187,%22rq%22:1188,%22rp%22:1413,%22rpe%22:1563,%22dl%22:1419,%22di%22:3386,%22ds%22:4645,%22de%22:4645,%22dc%22:4660,%22l%22:4660,%22le%22:4662%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=3908&jsonp=NREUM.setToken"
Preview:	NREUM.setToken({'stn':0,'err':1,'ins':1,'spa':1,'sr':0,'srs':0,'st':0,'sts':0})

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	369
Entropy (8bit):	6.872823617470407
Encrypted:	false
SSDEEP:
MD5:	B42CB6EDE27D2B5BE4F43C79AB30B9F3
SHA1:	152DE95E673E17E835D94B714555C76F91FD8F16
SHA-256:	6F59F3FEDCC6D879B48025E6ABCCCCC0934818DBE3148419DBD8D62C7C744E75
SHA-512:	A8AF5ABB91BBBF1F6A54FEC64CE40F8D8403EA5143FA61645031DF1C09B07C59FF25CDD063E2B9D8171037809C1654A30069A941E6EF166E86DE2EDA9C7155F1
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............(-.S....PLTE<..<..<..<..<..<..<..<..<..<.....h..o...........R.......~..o.................u.....r.....p....................q.....=.......S.....E.......j....tRNS.F... ....^....orNT..w.....IDAT..e....0.E..6:.).... *....s&..........Rp.?...U....._.p.ry=........U...fk..C...l.g.....s}..[..;/\...W...>B....1.:)..?.....g~.....IEND.B`.

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	294433
Entropy (8bit):	4.919897960135226
Encrypted:	false
SSDEEP:
MD5:	2D6E56E859C536646B2F1A76684E2227
SHA1:	374864AE4D33D9F9CA6941DF489A4CEDC4A572F4
SHA-256:	BAFADF9C618FB3D866385426D8AABCBDE2E9983CDC3961CCC2A676A7D1EE438A
SHA-512:	A16B9A803D4BB71B59BC517EAE889472AC87E6536BC9E8B7A5807CD32D34164DE53F6AE4C075E08A633A81146D92BF9FBC2F3EB3B6D7B13FECE5CD6DFA98A417
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/style/xui/22.0.0/xui.min.css
Preview:	html{font-size:100%;-webkit-text-size-adjust:100%}*,:after,:before{box-sizing:inherit}body,form{margin:0;padding:0}label:hover{cursor:pointer}input[type=number]{-moz-appearance:textfield}input::-moz-focus-inner{border:0;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{-webkit-appearance:none;margin:0}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input:-webkit-autofill{-webkit-animation-fill-mode:both;-webkit-animation-name:xui-animation-autofill}textarea{overflow-x:hidden}table{border-collapse:collapse}button::-moz-focus-inner{border:0;padding:0}a{color:#0078c8;cursor:pointer}a:hover{color:#003c64}a:active{color:#002a46}a:focus-visible{color:#003c64}.xui-html{height:100%;min-height:100%}.xui-body{font-smooth:antialiased;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;font-size:var(--x-font-size-medium, .9375rem);line-height:var(--x-line-heig

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 729 x 733, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11377
Entropy (8bit):	7.890567209099171
Encrypted:	false
SSDEEP:
MD5:	4B2AB93362B5F9558F994FDF12E3CA7C
SHA1:	F74E8BE1B8F85457ECDB8BDD8C9646D497257D4E
SHA-256:	786ECD2A5D662201E7F7C7F829763E5B39166453C1C33B253CBF9FE306EE24D9
SHA-512:	5869117D8F4E6C909B2CD74EDA12CCA055A733031E1E21667101C03E1D35FF9457E447A40D9A7777A2709F26D5D03E79C0EEBABFA8AC880368661F3C5243AF4D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................fPLTE......................................................0..@.......p....... ........P..........`.............tRNS...@.p0...` P...n.m.....orNT..w...+.IDATx...b*;.E.y...!!...Ov.3e(.-Y.........P.........................................S....>.71....\|.JX.w.....h2......t.o..r<^.Fkk..........f<...............F......I.7..~.c...A.....c....Te9ie.b...A.........".l2.Z...]R.W..30.g7.oZ.....?.u.t53......Cn..7..Q...{rb...!.w...R.C....q......z[..Q.b..n............=.^.Zd..n..k.a.....-..@2.O<MYZ.w.Hv.p......M..........+..z.u.....K...n&.CJ.......tMk'r[.w.h\|..6.A.!.u.....sI.+....?\|{..q..-.......>.N%....h.....3.l.U..nY}........^vx...fR7+......W..ZWdVsK.u.......,..n..............K._.0...Q.Y.x.......Z&g....8...l.!M.'%.v..!..s....n..jH......]6{..:.n....5{....n.4..6..f.k::n[..M..5....M......v.lx.....v.lx.....v.lx]....v..)..f)V.6.;fc^F....kS.b.pi.Dg..'.6.#f..>D...^wkS;a.......ou.6..f. ...4.6..fc..n..-A..GY.mmj...!.Ve^

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (583), with no line terminators
Category:	downloaded
Size (bytes):	583
Entropy (8bit):	4.922866901699429
Encrypted:	false
SSDEEP:
MD5:	A8CCD32EEAE2573B015B4AAC7604ED0E
SHA1:	8C9C97BEF485EDEA6E7752BEFFD4F3D8D51AA19E
SHA-256:	29108B508F3E3A2258B5FF26CD876D31B87D7861DCD999190E083D25228C8AB7
SHA-512:	B50319539ED61BB6FE3C7D1B4B838F2DDA2C5FD3A6D861F06D76F2F532BCB1CD6BC45A235B43EEA912666E9A2E5115A261D243F9ED5898743433023E22B81A0A
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/main.3cf9c16495486cc66bcb.css
Preview:	.sbt-ErrorComponent{align-items:center;display:flex;height:100%;justify-content:center}.sbt-ErrorComponent--heading{font-size:1.0625rem;line-height:1.75rem}.sbt-ErrorComponent--description{font-size:1.0625rem;margin-bottom:20px}.sbt-ErrorComponent--illustration{padding:0}@media screen and (min-width:600px){.sbt-ErrorComponent--heading{font-size:1.3125rem;line-height:2rem}.sbt-ErrorComponent--illustration{height:400px;padding:56px}}@media screen and (min-width:800px){.sbt-ErrorComponent--heading{font-size:1.875rem;line-height:2.75rem}}.my-bills-SharedLayout--loader{flex-grow:1}

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (34055), with no line terminators
Category:	downloaded
Size (bytes):	34055
Entropy (8bit):	5.382034135784619
Encrypted:	false
SSDEEP:
MD5:	ED99E2C2B7E432BF1B01B17E26FEA4F1
SHA1:	31B19A9F34FEF2D8C779585F4477CD05A6784FAA
SHA-256:	C64B612E535BAE0B630160E4B0054682C16C475EE18FB18CB2ACF0E92ED99A84
SHA-512:	48E524BD8721D7DDFCEBB9EDFF0D980AA1789193001A61AD53D6A5A5C1EBF09906E4E2591311D8F831A3E83BBCDC3348D5877BE7ED88C475288A6CE4ECBE804F
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/locale.en-NZ.4a8119cde29ca710e9f3.chunk.js
Preview:	"use strict";(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[229],{8301:e=>{e.exports=JSON.parse('{"ACCEPT":"Accept","ACCEPT_MODAL_HEADER_MOBILE":"Are you sure?","ACCEPT_QUOTE_ERROR":"Sorry! An error has occurred and your quote has not been accepted. Please try again.","ACCOUNT_NUMBER":"Account number","ACTIVATED_YOUR_ACCOUNT":"Activated your account?","ACTIVATED_YOUR_ACCOUNT_MESSAGE":"You should have received an email with a link to activate your Xero account.<p>Have you activated your account?</p>","ADDRESS":"Address","AMOUNT_DUE":"Amount due","APP_NAME":"My Bills","AT":"@ ","ATTACHMENTS":"Attachments ({totalCount})","DOWNLOAD_ATTACHMENTS":"Download attachments ({totalCount})","AUSTRALIA_BUSINESS_NUMBER":"ABN","BANNER_COMMENT_SUCCESS":"Your message has been sent","BANNER_ERROR":"Sorry! An error has occurred and your quote has not been {action}. Please try again later","BANNER_MESSAGE":"Thanks! Your quote has been {action} and {orgName} has been notified","BILLING_ADD

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 13268
Category:	downloaded
Size (bytes):	5172
Entropy (8bit):	7.959217412926552
Encrypted:	false
SSDEEP:
MD5:	C0A0EB66756DE21372EDD5E5F99F5DF9
SHA1:	258572978DE82EDAB428A2714B1553DA021089F1
SHA-256:	22012BC0428674906B0B13E482EDD437CC4B755A28D11F5FB304BABB4499453C
SHA-512:	E83C076AACCEB50615F151710F0A2F09F9EEF7AA61F223F4D21260560A47C93249196B0E25AEB56714A028091F3F0854F470119D12B06FD03EAD7A2C1B332CEF
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/tooltips-modern.41f34148.js
Preview:	...........[.s.6..4..s.J."%..f.7n..q..M<.."!..E.$d...owAR?....w..mk.....b..]P...JY$....4....().L.&a..d4.$..E..?~..o.,.7.&.L.qs......].m.!.d...<.yaH..<6$..b.NS..0./V.T..cq.S..L.y..Z..K..>,.,...v,.%..X}.6Y.M...&K..s..4#h...,.f..v...f...8.m...M..g..d1...=.d#\..Z0<.....!4.^..l.i..dw8...{.k:^....]..yO.zf.EyVJm..m..i..$..a..!.E.e<D(.T.E&........8.J_.I9...i6......eY?..,....mOg#...j.'b.2...fi....K..%J.(..(.....\|...&i....Wy..y.4w...r..+..X.].O..&.../l.m....vd...y....Gm......{N..ux...q...:m..w`..:.ZO..y..Tm..;4..{-.kC.8Tm..v5....i.&...D,..C...`B.&..q..QW.K...s..F.{..[n..-..v.F.....n$k...=[...3v.N.F.#Y8t(....^O...V...:.].....U.](<.....;....pu.h..w.>.*,..:.u..E+..wx..qH..y...pk.12@.7..#..o)R...k.C.....6.3...j.A..5#p.NO}...wI.H...jwp...r,<4\.o.pf .\|:pr..{].h...h.-"U...=.i%..5...?...........j.a..A.zx...[....s:.[...q...N..u...i.Y...._@....m......~....:.........f.._......c.9:Qk4...>.5....X}......a.1..h.S...rB...B.R8..'.X.Q0......l0

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (26008), with no line terminators
Category:	downloaded
Size (bytes):	26008
Entropy (8bit):	5.400205313818421
Encrypted:	false
SSDEEP:
MD5:	83C0A3AE20BDB338DE5F1C32594E8A28
SHA1:	1BB16A48E3C00715C03F6DCCFDF886543F8C28AD
SHA-256:	24C6667BF50AF02C957012F598C561091A1C690B70C154762B8116BA887081B4
SHA-512:	6B3EDC6C1BC06C8DD4EEF2D1640F609F2CF3D7601FC92AA6E4E42686EAAE512D6BBB0F7B94394DBB1E8DDF69F9D9BD2172F9D8CCBE26A933E10BA4B38FFEEDD7
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/680.6aaa81dd750ad656b318.chunk.js
Preview:	(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[680],{53233:(e,t,a)=>{"use strict";Object.defineProperty(t,"Ay",{enumerable:!0,get:function(){return s.default}});var l,s=(l=a(31806))&&l.__esModule?l:{default:l}},84278:(e,t,a)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var l=p(a(71508)),s=p(a(5556)),r=p(a(41594)),i=p(a(7129)),n=a(34900),o=p(a(94238)),d=p(a(83668)),u=a(74848);function p(e){return e&&e.__esModule?e:{default:e}}const f=r.default.forwardRef(((e,t)=>{let{characterCounter:a,children:s,fieldClassName:r,hintMessage:p,isFieldLayout:f,isGroup:c,isInvalid:h,isLabelHidden:g,label:b,labelClassName:x,labelRef:m,labelTagType:v,onBlur:y,onClick:C,onKeyDown:w,qaHook:k,validationMessage:M,wrapperIds:I,wrapperProps:E}=e;const P=(0,l.default)(r,f&&`${n.ns}-field-layout`),j=(p\|\|M)&&(0,u.jsx)(o.default,{isInvalid:h,validationMessage:M,hintMessage:p,qaHook:k,wrapperIds:I})\|\|void 0;return(0,u.jsx)(i.default.Consumer,{children:e=>{let{useFl

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65441)
Category:	downloaded
Size (bytes):	947126
Entropy (8bit):	5.4290204215532665
Encrypted:	false
SSDEEP:
MD5:	AC5D2DD78C2C706051D4EA4C996067E6
SHA1:	DE2BAA3F5D167696C2EF23022CB8E4F494587608
SHA-256:	7B105BBD4F52B5AB66D2C0745B07D532DA2CCBB201827DD5FAB66FBCFFFD6588
SHA-512:	F2F9EBD0A7873B98FADF8849544B09E5E8FAA5E893DB76125F7B21EB6B50C0D9AD11BD9FF355378D4EDEADFC1FA566173B3AFF9EA0EEE118621B4B27798C5721
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/IndexRoute.3ac4aebaaa085ad55ebc.chunk.js
Preview:	/! For license information please see IndexRoute.3ac4aebaaa085ad55ebc.chunk.js.LICENSE.txt /.(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[952],{8009:(e,t)=>{"use strict";function r(e){return r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},r(e)}var n,a="https://js.stripe.com/v3",i=/^https:\/\/js\.stripe\.com\/v3\/?(\?.*)?$/,o=null,u=function(e){return null!==o\|\|(o=new Promise((function(t,r){if("undefined"!=typeof window&&"undefined"!=typeof document)if(window.Stripe,window.Stripe)t(window.Stripe);else try{var n=function(){for(var e=document.querySelectorAll('script[src^="'.concat(a,'"]')),t=0;t<e.length;t++){var r=e[t];if(i.test(r.src))return r}return null}();n&&e\|\|n\|\|(n=function(e){var t=e&&!e.advancedFraudSignals?"?advancedFraudSignals=false":"",r=document.createElement("script");r.src="".concat(a).concat(t);v

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27878), with no line terminators
Category:	downloaded
Size (bytes):	27878
Entropy (8bit):	5.47855986761635
Encrypted:	false
SSDEEP:
MD5:	538BC8521EA5CAFCEB050579168EB232
SHA1:	5DEA89313A89AA9D67362E17A0B2E07247A8539F
SHA-256:	C63B42C8BFA3C682C648D0F26D20373CB994B1A80503D4CED076383452440D2D
SHA-512:	E97ED033FAB8797A702AD0C9F6099B08B2BE16A5AC7504D5A78542FCE8A7706A39BF3E94E0A95B0C7095A98EB6EB334FBEC33E8FB4B314DEFF8319DCB168C95B
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/360.862fcca8518a9068f07c.chunk.js
Preview:	(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[360],{22926:function(e,t,n){!function(e,t){"use strict";function n(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function a(e){for(var t=1;t<arguments.length;t++){var a=null!=arguments[t]?arguments[t]:{};t%2?n(Object(a),!0).forEach((function(t){i(e,t,a[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(a)):n(Object(a)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(a,t))}))}return e}function r(e){return r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},r(e)}function i(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumera

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 528370
Category:	downloaded
Size (bytes):	145072
Entropy (8bit):	7.997872437493743
Encrypted:	true
SSDEEP:
MD5:	D8BF3AF29257E33695B238D38EC1FBA0
SHA1:	32C53F91F004E0FE480884E3DEEEC8B72604FB8F
SHA-256:	DF99DBA4E58104F8E3978F48BF4A4FDF0DF1D75860BA60563D0A6BEB3C7496AB
SHA-512:	4D3D4BF1C36E82E484EE2B25202FFC205ADB505559E8D6A9D7C551686E7E0E14DB04A6C08AF29B62A7223B8C5213A93F3D6DD50FBA7213BC7F53F67D10561F03
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/frame-modern.e1eb984e.js
Preview:	............{.H. .W(^?]`..1)...V.l%+..^.$.",....4-..9...B...{w...7.2.P....0....S;(q...y.a~.q.^.WZ..S/x...>......^n.k.u.7=?r.N.......z....1.......F.o......F......L..6Pr.nR.Q...G..+.Fd....30V..7<.M...g.. ...\|`{0.............?....,.;.0.g....}...]...u./n:./n...,Z.~./.....<l....Q>..~.....`....w...3n.c?.....~..u.j...f....=..r.K..Q.b.J....{...6.MV.77..O=.o7..Y.R...B....Y.......g.....v..aK.....Fe.mm..A?.b...l.ZC.....~0RO.j...jV....v....j.=.n<.j..h.^.s..\j.[..^<.z..Ua.[..<.......ld`..\..l7.X=~..#...-. ^.j.^o.M.lz0..P..`..X.a...vms......jlW`5.[..I....J.m.j.s..7U..........\..8...{.....b....\|....X.zS...-mU.........T.......Q.....j.mV.....l.X.!....c...`.y?..j...U.....{..y...,....g.\|.l.g.b..hm..$..NS.)..cn4..v.)z..UiT.[[..-.7...^...mn.=.]...l.V.....n.....).0.&]4..#.M.`..vc..`...~4........m....o28.b%'..j...5..OcP...W.......p..<Y.-8...fM=.....&,q.p..,.NaX......\!:..!..#&%.N$l.;.I@..iG__w2..]...uz............X..j.4M...v.{.$M.Y...@.....a.'!/.Q...

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32010)
Category:	downloaded
Size (bytes):	50049
Entropy (8bit):	5.315307632257224
Encrypted:	false
SSDEEP:
MD5:	63E2DF852D15AB21D7FF8FC4363222E8
SHA1:	7EE401BA652DB0A4EC960350E17216CDA01E22FB
SHA-256:	545156ADEAE44DADC82B98D504F805EBE77FB79C928EF34EED1057BB9D4CB8FE
SHA-512:	BAAD17C762461527B270B57EF294E28BEFF92B3A66829B8DDD8788A791AEBB0A40BE849BFC79FCFC5CB0D7FFC7FD709CA6CD6A61CAC878CE60F585D40F214970
Malicious:	false
Reputation:	unknown
URL:	https://js-agent.newrelic.com/nr-spa-1216.min.js
Preview:	!function(t,n,e){function r(e,o){if(!n[e]){if(!t[e]){var a="function"==typeof __nr_require&&__nr_require;if(!o&&a)return a(e,!0);if(i)return i(e,!0);throw new Error("Cannot find module '"+e+"'")}var s=n[e]={exports:{}};t[e][0].call(s.exports,function(n){var i=t[e][1][n];return r(i\|\|n)},s,s.exports)}return n[e].exports}for(var i="function"==typeof __nr_require&&__nr_require,o=0;o<e.length;o++)r(e[o]);return r}({1:[function(t,n,e){var r=t(46);n.exports=function(t,n){return"addEventListener"in window?window.addEventListener(t,n,r(!1)):"attachEvent"in window?window.attachEvent("on"+t,n):void 0}},{}],2:[function(t,n,e){function r(t,n,e,r){var i=d(t,n,e);return i.stats=a(r,i.stats),i}function i(t,n,e,r,i){var a=d(t,n,e,i);return a.metrics=o(r,a.metrics),a}function o(t,n){return n\|\|(n={count:0}),n.count+=1,v(t,function(t,e){n[t]=a(e,n[t])}),n}function a(t,n){return null==t?s(n):n?(n.c\|\|(n=f(n.t)),n.c+=1,n.t+=t,n.sos+=t*t,t>n.max&&(n.max=t),t<n.min&&(n.min=t),n):{t:t}}function s(t){return t?t.

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 705897
Category:	downloaded
Size (bytes):	166299
Entropy (8bit):	7.99719957204128
Encrypted:	true
SSDEEP:
MD5:	D625DB79DB383FDAEF04243566C4AFCE
SHA1:	602DD72D8ACE3CAF67935FADFA7DBB2F8124AC80
SHA-256:	7F3046C46346778BB29417C58A123A51E6B192997660E5AA4315B84D5ECBC5C6
SHA-512:	50B47A9E4605FDEDDF18D54BA7B01EDB8797EEF02F480475CABF8665908D7669440708CAD92DC6BB4E34924EC613BD630668D9BFBE2780CA17233024F248E2CE
Malicious:	false
Reputation:	unknown
URL:	https://js.intercomcdn.com/vendors~app~tooltips-modern.7e0e68e9.js
Preview:	............s.G./....../......6(H..)K6..D.n..N.(.e.(.P E............S.e[^..v..^...\|x......B..<=..>..k.U.Y...<..df.N..k........G..,Qrs. z.....$..G....(....z.C.E.,x}.n..K..W.x...kq...Ro\M.u/%N~$G.......39WZ.....3..#.j..+xd^r...\|..:Ka..8..c~.....g.Z..v....lf.Xe...c..).%.!...8.Y.>N...XdI..(...8.cf...S....z..ror.D....'J.$[..Yf!...A.>..y..j.<..G>\|d.-V....z....l<.G.K..,.`G...Ex..sg..h?N..v.{....g....$zyI..~.22x.M..w.&+....S.E.+..y.Y.../..B..[of..j...gT<.Y...7..K......{\..sH.W.tr2W...b...*.OG..9=?.b.......H4....B..$.......t.<.....kx}......3......R.]{...V....c..F;D..I..T...).d5.6=L4v..e.~...<..c.5N-..)>4_z.....e7sv...I...9x.d5.,zL..C...hSu.f...%..9.t.x.,X.,.PQOXE.Z(.6[..&W$....v5.?N.8.G........K..Ef............1.X........j.)..O6;,....\...^;..?...S.%.OM.z............d.<./CI.f.DG...9)...0...1=.&\|........=.T.%qn..1-)-...q.....w..uy....L......".e...v.fFJj..[i..n%......e..WsxG.-.l.0...... ..w!T.D..'..!...N.d..[N[)yW.>Yt..:....\|...>.......&.Y_=

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (945)
Category:	downloaded
Size (bytes):	131882
Entropy (8bit):	5.376896897488642
Encrypted:	false
SSDEEP:
MD5:	64141792105EA4861F9F33294D65AB81
SHA1:	506D9100CAA070005A890BD496DE64C437D6D008
SHA-256:	21758ED084CD0E37E735722EE4F3957EA960628A29DFA6C3CE1A1D47A2D6E4F7
SHA-512:	30E0A9AA84688AC093C09F2F41089C899BF4A9CA5138289D7A4DC64C54BA293936FB2EE6BA724894A09590509863EA7712B6055C28E61639DF4D34520B538759
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/common/react-dom/18.2.0/react-dom.min.js
Preview:	/*. @license React. * react-dom.production.min.js. . Copyright (c) Facebook, Inc. and its affiliates.. . This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. /.(function(){/. Modernizr 3.0.0pre (Custom Build) \| MIT.*/.'use strict';(function(Q,mb){"object"===typeof exports&&"undefined"!==typeof module?mb(exports,require("react")):"function"===typeof define&&define.amd?define(["exports","react"],mb):(Q=Q\|\|self,mb(Q.ReactDOM={},Q.React))})(this,function(Q,mb){function n(a){for(var b="https://reactjs.org/docs/error-decoder.html?invariant="+a,c=1;c<arguments.length;c++)b+="&args[]="+encodeURIComponent(arguments[c]);return"Minified React error #"+a+"; visit "+b+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}.function nb(a,b){Ab(a,b);Ab(a+"Capture",b)}function Ab(a,b){$b[a]=b;for(a=0;a<b.length;a++)cg.add(b[a])}function cj(a){if(Zd.call(dg,a))retu

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2256
Entropy (8bit):	4.986030081204596
Encrypted:	false
SSDEEP:
MD5:	DBF59B15D4A5DA125703BB0B4DEAE4CB
SHA1:	E477DAEF93864DF9755235EEE88D9A03334478A7
SHA-256:	6CED787E68E91549ABCC12B7BE268D4CF5270F4F923BA92D665A4D67BD8F87FF
SHA-512:	FB904E6BE46957476B70C198C0B9A6CE80ABA1B27E8C055DAA42C08379E4F83705C39C5449FF1DD030A2F7A223ED23D48FC07F4536DC201C15C65A9435389425
Malicious:	false
Reputation:	unknown
Preview:	{"status":"AUTHORISED","organisationId":"6fc41906-3c44-4113-aa38-72a354c3bc5f","orgLegalName":"Cybersafe Solutions","orgName":"Cybersafe Solutions","organisationAddress":"Cybersafe Solutions","orgCountryCode":"US","documentType":"INVOICE","documentTitle":"INVOICE","isPdfPreview":false,"isX4XDocument":false,"isRepeatingDocument":false,"showLogo":false,"logoAlignment":"Right","contact":{"id":"d13f30d3-7ddf-4453-9bac-29cb195a368f","name":"bill 1","emailAddress":"noreply@yeryer957.onmicrosoft.com","address":""},"documentNumber":"INV-0003","dateString":"2024-04-26","expiryDateString":"2024-04-26","showLineItemsHeaders":true,"taxUnitName":"Tax","lineItems":[{"description":"Antivirus Subscription","unitAmount":399.9900,"lineAmount":399.99,"quantity":1.0000,"taxAmount":"Tax Exempt"}],"taxLines":[{"id":"TOTAL","taxString":"Tax","lineAmount":0.0}],"subTotal":399.99,"total":399.99,"navTotal":399.99,"currency":"USD","outstandingBills":1199.97,"outstandingBillsCurrency":"USD","enteredByUserId":"04d

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4706)
Category:	downloaded
Size (bytes):	4707
Entropy (8bit):	5.209342867580516
Encrypted:	false
SSDEEP:
MD5:	8F464F6B465E1BD7C723319B980B0A94
SHA1:	485EA8FC56E26ECFF4BB20354C3998CEB64D6766
SHA-256:	462EC91DA5F13557F7035D0BEB94E88EA21E41DD1576F1A5E1CA66CCE7FC6989
SHA-512:	2A62AFE2A43D00FA57830DDBE37E0002A99FC8006D44A8C2339888E173DC84F96B293D50E01EA0F09173A05EC9BF9DC6FF6B2E9E04CF20F4565B03BAE6F59CE4
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/i6m-wrapper/1.x/i6m-wrapper.js
Preview:	!function(){"use strict";const e=new Event("intercom-wrapper:script-loaded"),t=(e,t,n)=>{var o;null===(o=window.newrelic)\|\|void 0===o\|\|o.addPageAction(e,{kotahiId:t,deploymentEnvironment:"production",...n})},n=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"";return Object.keys(e).filter((t=>null!=e[t])).reduce(((o,i)=>"object"==typeof e[i]&&null!==e[i]?[...o,...n(e[i],t+i+".")]:[...o,t+i]),[])},o=e=>e?{intercomWorkspaceId:e.app_id,intercomSettingsAttributes:n(e)}:{},i=async(e,t)=>{var n,o,i,a,s,r,d;const c=null===(n=e.user)\|\|void 0===n?void 0:n.user_id,w=null===(o=e.company)\|\|void 0===o?void 0:o.company_id,l=null!==(i=null===(a=e.user)\|\|void 0===a?void 0:a.custom_attributes)&&void 0!==i?i:{},u=null!==(s=null===(r=e.company)\|\|void 0===r?void 0:r.custom_attributes)&&void 0!==s?s:{},m={...l,...null!==(d=e.messenger)&&void 0!==d?d:{},app_id:t};return c?(m.user_id=c,m.user_hash=await(async(e,t)=>{var n,o;const i=sessionStorage.getItem(`intercom-user-hash-${e}-${t}

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (630)
Category:	downloaded
Size (bytes):	10737
Entropy (8bit):	5.327237293204141
Encrypted:	false
SSDEEP:
MD5:	D86DCDBFED4C273C4742744941259902
SHA1:	98089A33D0CF2FA4B3E1BA9B7EEB9B8BA0AC82A7
SHA-256:	4B4969FA4EF3594324DA2C6D78CE8766FBBC2FD121FFF395AEDF997DB0A99A06
SHA-512:	F10E98F579D36CE13E24DBE3050C09D87F12F94578B80EA1891CA485DB48C83619D93A6B74D99639468A746CCE872AF8742CA4DBCECE7A36CFBF097B96B7EAAD
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/common/react/18.2.0/react.min.js
Preview:	/*. @license React. * react.production.min.js. . Copyright (c) Facebook, Inc. and its affiliates.. . This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */.(function(){'use strict';(function(c,x){"object"===typeof exports&&"undefined"!==typeof module?x(exports):"function"===typeof define&&define.amd?define(["exports"],x):(c=c\|\|self,x(c.React={}))})(this,function(c){function x(a){if(null===a\|\|"object"!==typeof a)return null;a=V&&a[V]\|\|a["@@iterator"];return"function"===typeof a?a:null}function w(a,b,e){this.props=a;this.context=b;this.refs=W;this.updater=e\|\|X}function Y(){}function K(a,b,e){this.props=a;this.context=b;this.refs=W;this.updater=e\|\|X}function Z(a,b,.e){var m,d={},c=null,h=null;if(null!=b)for(m in void 0!==b.ref&&(h=b.ref),void 0!==b.key&&(c=""+b.key),b)aa.call(b,m)&&!ba.hasOwnProperty(m)&&(d[m]=b[m]);var l=arguments.length-2;if(1===l)d.children=e;else if(1<l){for(var f=Array(l),k=0;k<l;k++)f[k

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4310), with no line terminators
Category:	downloaded
Size (bytes):	4310
Entropy (8bit):	5.513163125491022
Encrypted:	false
SSDEEP:
MD5:	2782DE9EC7FDCFE821022097AC9E6D6F
SHA1:	0F59E00EAB261F0EF58853B7A84ABE6A95793E0D
SHA-256:	9645F1A52935F4190AD95FEB58CB7FC31D29C7D949ABEB772EDF5C8BFEA1A397
SHA-512:	ABF76FD8C922445AF8324731A2E271039E9FCA18509F2AB0EC2FBC9C9BF1F24E8BF539CB32AEA08ABD65949A9FDB3BA8415A6EE7E40998124A0ADA45500F53AD
Malicious:	false
Reputation:	unknown
URL:	https://edge.xero.com/business/mybills/production/ActionModal.4499830df21821d57209.chunk.js
Preview:	"use strict";(self.webpackChunkmy_bills=self.webpackChunkmy_bills\|\|[]).push([[136],{8431:(e,t,a)=>{Object.defineProperty(t,"J9",{enumerable:!0,get:function(){return l.default}}),Object.defineProperty(t,"Ay",{enumerable:!0,get:function(){return n.default}});var n=r(a(53274)),l=r(a(94373));function r(e){return e&&e.__esModule?e:{default:e}}},75862:(e,t,a)=>{a.r(t),a.d(t,{createClass:()=>v,default:()=>M});var n=a(41594),l=a.n(n),r=a(81070),i=a(71468),o=a(38760),s=a(53233),c=a(86174),u=a(22264),d=a(83347),E=a(8431),m=a(76028),C=a(77051),A=a(55312),S=a(96839),g=a(59813),h=a(28477),N=a(29988);const v=(0,A.Zn)("ActionModal"),M=()=>{const{formatMessage:e}=(0,r.useIntl)(),t=(0,i.wA)(),a=(0,i.d4)(h.documentSelectors.contact).emailAddress,A=(0,i.d4)(h.documentSelectors.orgName),M=(0,i.d4)(h.statementSelectors.orgName),O=(0,i.d4)(h.invoiceCommentedEvent),T=(0,i.d4)(h.quoteCommentedEvent),_=(0,i.d4)(h.quoteAcceptedEvent),L=(0,i.d4)(h.quoteDeclinedEvent),I=(0,i.d4)(h.statementSelectors.contactEmail)

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://in.xero.com/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\75ff2734-d7c5-43d9-b1cd-c1b3dadcf477.tmp

C:\Users\user\Downloads\Invoice INV-0003.pdf (copy)

C:\Users\user\Downloads\Invoice INV-0003.pdf.crdownload

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 131

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 94

Windows Analysis Report
https://in.xero.com/Kw5EivBbP7cI8mUewaIbiEH2de2DrArU8XaI2H1t