Windows Analysis Report
https://zohoinvoicepay.com/invoice/fabiomadeira/secure?CInvoiceID=2-10fe63d8f4ea881832bdb201bcbb401b09368b448d5ffe83bcea3bf8639fc3eb3c56d4f653ed8669f4551644d82911b13dd52dce89617e5718eb62800c59473c98e1fb71080bbb7a

Overview

General Information

Sample URL: https://zohoinvoicepay.com/invoice/fabiomadeira/secure?CInvoiceID=2-10fe63d8f4ea881832bdb201bcbb401b09368b448d5ffe83bcea3bf8639fc3eb3c56d4f653ed8669f4551644d82911b13dd52dce89617e5718eb62800c59473c98e1
Analysis ID: 1559002

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected suspicious URL
Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 5992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1992,i,2299189150562884862,9207125014017148512,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zohoinvoicepay.com/invoice/fabiomadeira/secure?CInvoiceID=2-10fe63d8f4ea881832bdb201bcbb401b09368b448d5ffe83bcea3bf8639fc3eb3c56d4f653ed8669f4551644d82911b13dd52dce89617e5718eb62800c59473c98e1fb71080bbb7a" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Phishing

Source: Email | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://zohoinvoicepay.com
Source: Email | Joe Sandbox AI: AI detected Typosquatting in URL: https://zohoinvoicepay.com
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.16:52743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:52744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:52745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:52746 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 18MB later: 40MB
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: global traffic | TCP traffic: 192.168.2.16:52742 -> 162.159.36.2:53
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic | DNS traffic detected: DNS query: zohoinvoicepay.com
Source: global traffic | DNS traffic detected: DNS query: webfonts.zoho.com
Source: global traffic | DNS traffic detected: DNS query: static.zohocdn.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: invoice.zoho.com
Source: global traffic | DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52750
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 52746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 52743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 52750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 52748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 52744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52748
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52745
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52746
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown | Network traffic detected: HTTP traffic on port 52745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.16:52743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:52744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:52745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:52746 version: TLS 1.2
Source: classification engine | Classification label: sus21.win@17/19@18/158
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1992,i,2299189150562884862,9207125014017148512,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zohoinvoicepay.com/invoice/fabiomadeira/secure?CInvoiceID=2-10fe63d8f4ea881832bdb201bcbb401b09368b448d5ffe83bcea3bf8639fc3eb3c56d4f653ed8669f4551644d82911b13dd52dce89617e5718eb62800c59473c98e1fb71080bbb7a"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1992,i,2299189150562884862,9207125014017148512,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
ATT&CK Matrix (a leading count marks a technique matched by this analysis; entries without a count are the matrix's unmatched placeholders)

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: 1 Browser Extensions; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
  • Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; 1 Extra Window Memory Injection
  • Defense Evasion: 1 Masquerading; 1 Process Injection; 1 Extra Window Memory Injection
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
https://zohoinvoicepay.com/invoice/fabiomadeira/secure?CInvoiceID=2-10fe63d8f4ea881832bdb201bcbb401b09368b448d5ffe83bcea3bf8639fc3eb3c56d4f653ed8669f4551644d82911b13dd52dce89617e5718eb62800c59473c98e1fb71080bbb7a | 0% | Avira URL Cloud | safe |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
zs-lc1-25-h2.zoho.com | 0% | Virustotal | | Browse
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
zohoinvoicepay.com | 136.143.191.224 | true | false | | high
invoice.zoho.com | 136.143.190.145 | true | false | | high
h2-stratus.zohocdn.com | 89.36.170.147 | true | false | | high
www.google.com | 172.217.16.132 | true | false | | high
zs-lc1-25-h2.zoho.com | 136.143.191.104 | true | false | | unknown
webfonts.zoho.com | unknown | unknown | false | | high
206.23.85.13.in-addr.arpa | unknown | unknown | false | | high
static.zohocdn.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://zohoinvoicepay.com/invoice/fabiomadeira/secure?CInvoiceID=2-10fe63d8f4ea881832bdb201bcbb401b09368b448d5ffe83bcea3bf8639fc3eb3c56d4f653ed8669f4551644d82911b13dd52dce89617e5718eb62800c59473c98e1fb71080bbb7a#/securepayment | false | | unknown
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
136.143.190.145 | invoice.zoho.com | United States | 2639 | ZOHO-ASUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
108.177.15.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.74.206 | unknown | United States | 15169 | GOOGLEUS | false
216.58.206.78 | unknown | United States | 15169 | GOOGLEUS | false
216.58.206.67 | unknown | United States | 15169 | GOOGLEUS | false
172.217.18.3 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.138 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.227 | unknown | United States | 15169 | GOOGLEUS | false
89.36.170.147 | h2-stratus.zohocdn.com | Switzerland | 41913 | COMPUTERLINEComputerlineSchlierbachSwitzerlandCH | false
136.143.191.224 | zohoinvoicepay.com | United States | 2639 | ZOHO-ASUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.186.164 | unknown | United States | 15169 | GOOGLEUS | false
136.143.191.104 | zs-lc1-25-h2.zoho.com | United States | 2639 | ZOHO-ASUS | false
172.217.16.132 | www.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.16
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1559002
Start date and time: 2024-11-20 02:57:29 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://zohoinvoicepay.com/invoice/fabiomadeira/secure?CInvoiceID=2-10fe63d8f4ea881832bdb201bcbb401b09368b448d5ffe83bcea3bf8639fc3eb3c56d4f653ed8669f4551644d82911b13dd52dce89617e5718eb62800c59473c98e1fb71080bbb7a
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: SUS
Classification: sus21.win@17/19@18/158
  • Exclude process from analysis (whitelisted): svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.227, 216.58.206.78, 108.177.15.84, 34.104.35.123, 142.250.185.138, 172.217.18.3, 199.232.210.172
  • Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
  • Not all processes were analyzed; the report is missing behavior information
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 00:57:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2673
Entropy (8bit): 3.9835670888925443
Encrypted: false
SSDEEP:
MD5: E66EF6A58458C2DC8C602405E45D5B94
SHA1: 872A0EDCB9BC3F38246BA59C6115B157A256A58E
SHA-256: 49EDADE76A1C0F024FD975BD5EDD208B6E05176054D9425D1DC23E75430700E7
SHA-512: B7425330634CCD3C2320B2E42DA98BC3B009F5A67ADC4925725F5C56717F232DAD63F438ACBC9212E5D8B58F9734B3C4FF1530A757C678D9C5F565650B7E4D42
Malicious: false
Reputation: unknown
Preview: L..................F.@.. ...$+.,.....P..:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY@............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........t........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 00:57:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2675
Entropy (8bit): 4.000069265753576
Encrypted: false
SSDEEP:
MD5: 9428D25B86169C87AB11679C10C9D1A4
SHA1: B920BAF147FB23EC3CFAAAB54B0B69E7596F3321
SHA-256: 4D37572751522F69D214563ED3B2CC7BCA57B926106DD002C457E6395D069F55
SHA-512: 3888321A514E8B815EAA257AB6C3492F94A040EA55F5E43B937632C9ED2A2ABC8A3DA4019F74A339818C8D14124F8736806D55C257C84C859CB0585FD98CC654
Malicious: false
Reputation: unknown
Preview: L..................F.@.. ...$+.,....Y...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY@............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........t........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2689
Entropy (8bit): 4.009266068465454
Encrypted: false
SSDEEP:
MD5: A89882CA7B4D6098068E6511E7C7DAD6
SHA1: 01A6661C5B64A387A9C4B01EA9CAC23B06078AF7
SHA-256: 5C9CE11A3F582D2B0DCDA0A707170030EE3E3AFE89BCCB9879722ED92EB95C21
SHA-512: FA71BFEE0FBD78FBAB72460FE0F14F6FA46C4A8F6CC9473AA828538E665111D3636F406767C910C9F49C2D90410F8F588F226DAF3553915246E7ED427BB620D9
Malicious: false
Reputation: unknown
Preview: L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........t........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 00:57:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9965833820002925
Encrypted: false
SSDEEP:
MD5: E3F8274D8A6CDBDB7D43E643C675460D
SHA1: 6BA1D2E0E622F991FD17A84041106329D51AD908
SHA-256: 32CA96F28252F5830125415C7033245B454294155EC113FF44D9043B3CC4509A
SHA-512: 620031B08CDDC8DEA2AC4D6AD963787BCDF677E422AA19DC1D3820FC3BE67BDA468527C3E83EBF7DF120762AF7C34DF7423A29E788EC1D4AF252AB30AB9D3B22
Malicious: false
Reputation: unknown
Preview: L..................F.@.. ...$+.,....0K..:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItY5.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY@............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........t........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 00:57:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):3.987225505425826
                  Encrypted:false
                  SSDEEP:
                  MD5:87DCB06C207CEA5DF9A93DC404EF2507
                  SHA1:A26ABF075065DDF43FB757C11B98C846F8B6A850
                  SHA-256:EBD50136FB504E64533F8A20F72EC699BB61FB205D1E3600409015EC1D502A5D
                  SHA-512:1B4F3167F4C5656038280AD3E5245AAC3EA6AEB2F00CB7EE9F4A1D49D3B9E475EFB6D1AFC534EF4A7752F1BD20014DF8A8167815197955927BA3E904EA1AB443
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 00:57:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2679
                  Entropy (8bit):3.9963327903876347
                  Encrypted:false
                  SSDEEP:
                  MD5:0289852890714A23676F09DD1D478A81
                  SHA1:B9861107F86B9851479A0DCF53FCC259ED53F79D
                  SHA-256:DECB6383BC7BE5902B3E1D7276609B50132ED3454488D15265F075E93B8B10C7
                  SHA-512:F78EBD6BF8A39662B682F057EE80FBC4C5CFEB1E03767100DD9175E95713495AE34D5D1C6DDA6EBF40AFEB86D6DF456A67CFB05CD028F5F9AF2AF791C08A7683
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format (Version 2), TrueType, length 20692, version 3.1245
                  Category:downloaded
                  Size (bytes):20692
                  Entropy (8bit):7.987080439150793
                  Encrypted:false
                  SSDEEP:
                  MD5:9F5621C6D1F0EA9F75D764BC1A1F5AE2
                  SHA1:0FC9B81097BED708090BA96878629C64D283D3B2
                  SHA-256:44B0C043656308DCA9B5645163EC4637D8B6C966D93B485DD3525420B6129E7D
                  SHA-512:7AA10E21B8A26759368887736A4B2FF062DEA7A920E10422163A7C0E48658B0C93BA8E981CAEEDC2F757C40FD20B061971AA060E8DCB8FC1984D85D4EF082EB3
                  Malicious:false
                  Reputation:unknown
                  URL:https://static.zohocdn.com/webfonts/interregular/font_latin.woff2
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with very long lines (39202), with NEL line terminators
                  Category:downloaded
                  Size (bytes):1669426
                  Entropy (8bit):5.6706612985900415
                  Encrypted:false
                  SSDEEP:
                  MD5:77F511A31E7523EEFA5A6E408ADEC355
                  SHA1:F034139E258CA871707132FDAF20A4E4D4A5EED2
                  SHA-256:F9FA75137CCC162D3AB8312B634CB01E5638132AB608A6A68C3B48AB7D2F8698
                  SHA-512:1F30D268ECA4994E71093F19AC344062562CC315A5DC574462586FBDD4BA056E97BDF1AF3A07A1676C6F5012958F9A26436BE0B76E466F688ED209BBC6216E49
                  Malicious:false
                  Reputation:unknown
                  URL:https://static.zohocdn.com/zfbooksportal/zbportal/assets/vendor-ee262d642a8e7db41ca4ed8b05e8422b.js
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (1219)
                  Category:downloaded
                  Size (bytes):21757
                  Entropy (8bit):5.255446259732923
                  Encrypted:false
                  SSDEEP:
                  MD5:C3CB5066947AC58DDAC7046BFAC6EB21
                  SHA1:1E1DDC69E0A23494E864D41EA17DBF2A3BE41132
                  SHA-256:26B80BE2BCC2F17C9BB6F3646AE9EFE3DB7426A53007D65F1DE00D500A62D4CF
                  SHA-512:9404AE4C139A49E12B722AE60772711D3CB1BA9C8BDAD9CC892AE42FAA113B55929FB46811E92C5E2DDC002FE96652ADF9645B80693B9C8FF328C7C290BCE30F
                  Malicious:false
                  Reputation:unknown
                  URL:"https://webfonts.zoho.com/css?display=swap&family=Inter:400,500,600,700/Source+Sans+Pro:400/Open+Sans:400,600,700"
                  Preview:@font-face {. font-family:"Inter";. font-weight:400;. font-style:normal;. font-display:swap;. src:url("//static.zohocdn.com/webfonts/interregular/font_greek.woff2") format("woff2");. unicode-range: U+370-377, U+37A-37F, U+384-38A, U+38C, U+38E-393, U+395-3A1, U+3A3-3A8, U+3AA-3E1, U+3F0-3FF;}.@font-face {. font-family:"Inter";. font-weight:400;. font-style:normal;. font-display:swap;. src:url("//static.zohocdn.com/webfonts/interregular/font_cyrillic_ext.woff2") format("woff2");. unicode-range: U+460-48F, U+492-49D, U+4A0-4AF, U+4B2-4FF, U+52F, U+2DFF, U+A69F;}.@font-face {. font-family:"Inter";. font-weight:400;. font-style:normal;. font-display:swap;. src:url("//static.zohocdn.com/webfonts/interregular/font_latin.woff2") format("woff2");. unicode-range: U+20-7E, U+A0-FF, U+131, U+152-153, U+2C6, U+2DA, U+2DC, U+2000-200B, U+2010-2027, U+202F-205F, U+2074, U+20AC, U+2212, U+E0FF;}.@font-face {. font-family:"Inter";. font-weight:400;. font-style
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text
                  Category:downloaded
                  Size (bytes):444
                  Entropy (8bit):5.343562898239662
                  Encrypted:false
                  SSDEEP:
                  MD5:3E0403187D2B6477C484D5B403858737
                  SHA1:70B4DBEC38D378DD9F04A0CEB09C38D1B132D651
                  SHA-256:1F9A68DC3941B4C0783AA489329CE41201CD84A0B95C59B874D9104A35DBC8D7
                  SHA-512:C64E599BE19271CB7E41FF6C78FEE6B0532E1D7C2D4238D50A7512A897DFD61DED71278ECD3F3250B68F17C3D5FB2DD73A74F5D7FE3F80B5C03C160BE2FA3D1A
                  Malicious:false
                  Reputation:unknown
                  URL:https://fonts.googleapis.com/css2?family=Nothing+You+Could+Do&display=swap
                  Preview:/* latin */.@font-face {. font-family: 'Nothing You Could Do';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/nothingyoucoulddo/v19/oY1B8fbBpaP5OX3DtrRYf_Q2BPB1SnfZb3OOnVs.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}.
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with very long lines (65521), with no line terminators
                  Category:dropped
                  Size (bytes):73580
                  Entropy (8bit):4.858970935087949
                  Encrypted:false
                  SSDEEP:
                  MD5:021571E3BF6BF2B63F3B04E2E6606A71
                  SHA1:E01272362A50B4F5894852857455F8C0FC92ABE9
                  SHA-256:231D47EF36A8375B2CD17D91FE24D271A9CB12A6D01EAFBA7E8BA8C87040EDA0
                  SHA-512:53A3624BE8162D29CAED3A8F0AB1B8E571CB85BFF37A43F415B70A07448FA8029E868768D7E202FC490EC2E546EEE87E30FCAEA69C13055AC43136C172536C9D
                  Malicious:false
                  Reputation:unknown
                  Preview:Ember.STRINGS={"zb.bills.lastpaid":"Last Payment Received","zb.common.documents":"Documents","zb.common.uploaded.doc":"Uploaded Documents","zb.common.drag.receipt":"Drag and Drop Documents","zb.doc.all":"All Documents","zb.doc.pending":"Pending Documents","zb.doc.accepted":"Accepted Documents","zb.doc.rejected":"Rejected Documents","zb.doc.pendingandrejected":"Pending and Rejected","zb.doc.associated.bill":"Associated transactions","zb.docs.list.rejected.empty":"There are no rejected documents","zb.docs.list.accepted.empty":"There are no accepted documents","zb.docs.list.pending.empty":"There are no pending documents","zb.doc.list.pendingandrejected.empty":"There are no pending and rejected documents","zb.upload.on":"Uploaded on.","zb.upload.doc":"Upload Document","zb.upload.docs":"Upload Documents","zb.billing.cycle":"The Billing Cycle","zb.doc.upload.point":"or upload images and PDFs.that are less than 5MB each","zb.common.close":"Close","zb.common.preview":"Preview","zb.common.addf
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
                  Category:downloaded
                  Size (bytes):176047
                  Entropy (8bit):5.06955737885969
                  Encrypted:false
                  SSDEEP:
                  MD5:81BB36F572E0D5AAA3AD5524966E1546
                  SHA1:627F571F107868BB8EF5CCBED98DC540D064812D
                  SHA-256:709611ECB6B2F61E33E246B1F421DD25C75AE1F3FEDE5E5EAA8B50C211E2D58A
                  SHA-512:7443A26EF56D2543E4E959B7A5371173F75C8AE305AED470B0D9C72C92753152CE6AF5004351D80F15CC415EEECCF1339E765FFF6D9CA4BDB936152476E1CA08
                  Malicious:false
                  Reputation:unknown
                  URL:https://static.zohocdn.com/zfbooksportal/zbportal/assets/styles/vendor-81bb36f572e0d5aaa3ad5524966e1546.css
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (65536), with no line terminators
                  Category:downloaded
                  Size (bytes):1780209
                  Entropy (8bit):5.218269820142036
                  Encrypted:false
                  SSDEEP:
                  MD5:336403A2C5BC11F2BA374B4E719FB2CD
                  SHA1:E092BB601E70FB0C8092CF25B90A9FE48BAD5E47
                  SHA-256:740D1AC5D1B2E17A7BEC025CB305CCC4B5FCFB0ECFBCD32185203F2E0CA367EF
                  SHA-512:371087D9E5F18317CEA593B80078BC36F723EEE7079DECBAE11C5D6796535B6F1F803DA9BACCC134095489EAD6F492AED4F3756762D202FE672F03A10BFE6583
                  Malicious:false
                  Reputation:unknown
                  URL:https://static.zohocdn.com/zfbooksportal/zbportal/assets/cp-31fda43d3b84be9ac07276c091d65384.js
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                  Category:dropped
                  Size (bytes):15086
                  Entropy (8bit):4.425130317047926
                  Encrypted:false
                  SSDEEP:
                  MD5:A14127B9F9EFD6E514747A5D71D45CCE
                  SHA1:5FC6829133736C56C6356FC88119E89B399FBAE2
                  SHA-256:05B7469CF3B84581156C6FFD1AB613454026305097EB4D3DAC6DAB4531ECEAC6
                  SHA-512:EDC8D5C744FF8DEE0A09FA032DAF5487CDFE346476CBDC9B8C7894DE6A4D0C124F0F5B5DF6F6CA2FC953E8F21C91B8E27133EA8B007DE2FBF1FB3B8EA47E362A
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format (Version 2), TrueType, length 21320, version 3.1245
                  Category:downloaded
                  Size (bytes):21320
                  Entropy (8bit):7.98794492759438
                  Encrypted:false
                  SSDEEP:
                  MD5:56010365F3ED3D7D743796877F3C47C1
                  SHA1:2F899431ABC687B3D16FE01CA4C38BCF60B2A9A2
                  SHA-256:69EB0494D55402351D6C0BC16F8A6890C05BD65B9F908B51C90FEF3E17CC3ADD
                  SHA-512:57025102CDC8A0771A5638234CF4BAB2D46E5976DCE6245F55B08EC7815649D182EBE73ED45C071827AC37E442D4B5CCF49CE591D38E04CB3A58D60DE4CD7F4E
                  Malicious:false
                  Reputation:unknown
                  URL:https://static.zohocdn.com/webfonts/intersemibold/font_latin.woff2
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format (Version 2), TrueType, length 16832, version 1.6554
                  Category:downloaded
                  Size (bytes):16832
                  Entropy (8bit):7.98680923863861
                  Encrypted:false
                  SSDEEP:
                  MD5:472CFE0F002A296A76A18B4FEB1FEEAB
                  SHA1:D0DE4C75E4CFA7C355BA391FFA9F8D5A09AFE870
                  SHA-256:3A187761967861DAE1C14CA8D1C57D967DB1567AED9FCB6ECDBC4B0E645D01BC
                  SHA-512:A1C12D66014134AED2B3B7A7E44E6FB17DF6823B5D8AFB46D11C4E7679EC186A8B69EEE13BAD80D0DA3AAC7A7A8CB449C699F836AE820C9C6C4C7B38F15A8C9B
                  Malicious:false
                  Reputation:unknown
                  URL:https://static.zohocdn.com/webfonts/opensanssemibold/font_latin.woff2
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 593 x 585, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):116385
                  Entropy (8bit):7.993315415840242
                  Encrypted:true
                  SSDEEP:
                  MD5:670B15E6A4AA68089C2D2339CA07F560
                  SHA1:F0D1F49C975175D1919327378D3BD64AA63D6188
                  SHA-256:256D711A0B61630407BF76787BCD209E5F0B18D0C1EB3515EB4474FD7D68EAC7
                  SHA-512:401EE723AFDD8C9F434558313FD2A0B0A9DBDAE5C488A3BF61E557231EC233C8890D4B2E6E9004E7DCECC224E4C51BFDCE20E718B35266923E409EACCF4B5ABD
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (65536), with no line terminators
                  Category:downloaded
                  Size (bytes):103122
                  Entropy (8bit):5.0182243597048135
                  Encrypted:false
                  SSDEEP:
                  MD5:7545DFF833E14FEAC2DEDA030FFC19AD
                  SHA1:E341711253CDAA36EF75B83B1C6357466946D093
                  SHA-256:346E0743DFB14EF00EE3027D0E8315E8594B6AB424887ED771AE4A041D31CE9B
                  SHA-512:1ADBF772F25DD3FFBA5F479057ACBC0406DD0B537EFDF86D0C61B4D73319E510D22C9633C7458E3F8E90790874D3C3E94E0756106FB421FD99B2C6654D0FD956
                  Malicious:false
                  Reputation:unknown
                  URL:https://static.zohocdn.com/zfbooksportal/zbportal/assets/styles/cp-7545dff833e14feac2deda030ffc19ad.css
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format (Version 2), TrueType, length 16292, version 1.6554
                  Category:downloaded
                  Size (bytes):16292
                  Entropy (8bit):7.986629591984845
                  Encrypted:false
                  SSDEEP:
                  MD5:B1ADC32F8FF56E59C7C7B8F2D90AC332
                  SHA1:D110058D172BD3DC5FB622B1225B13AAE6A4FD77
                  SHA-256:F4271FB7CE599A61119B6D6BD5082D52728D4E65EDD4DE6B8B2814F7D93503F4
                  SHA-512:1458227DA1841C62E3D13BC33DA3DDE4C10B56A31C32D827B15C0C904D37E18D588ECE606F33E67D88BE246E600E0844BD59015A2EEDB655B92761BBB0153BEA
                  Malicious:false
                  Reputation:unknown
                  URL:https://static.zohocdn.com/webfonts/opensans/font_latin.woff2
                  No static file info