Edit tour

Windows Analysis Report
https://links.twiliocdn.com/ls/click?upn=u001.s8B7Bdj-2BO6qOEbA-2BPKse2Z7fYxO9q1PAYKGQzEiFp-2FQBq-2BFpel8VkcfovM37GnWPMnODh7DjfGMugIPNcd8ltt5eAz3eLThOPRhxCnpkpwSoLZsid6F00t-2FjbyOU-2F93X804pv1CgFCLbmObbTHc4xs2oFf5JAweFiVi0KRXNOqc-3DGElV_ZsZNk9I-2BWKUMcOn-2FYMXK2VNILsetvczk0qkDBnt1Q-2Bg8MpLl8s0WAV-2B

Overview

General Information

Sample URL:	https://links.twiliocdn.com/ls/click?upn=u001.s8B7Bdj-2BO6qOEbA-2BPKse2Z7fYxO9q1PAYKGQzEiFp-2FQBq-2BFpel8VkcfovM37GnWPMnODh7DjfGMugIPNcd8ltt5eAz3eLThOPRhxCnpkpwSoLZsid6F00t-2FjbyOU-2F93X804pv1CgFCLbmO
Analysis ID:	1528319

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1968,i,1363267348518730008,15124184393528673531,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://links.twiliocdn.com/ls/click?upn=u001.s8B7Bdj-2BO6qOEbA-2BPKse2Z7fYxO9q1PAYKGQzEiFp-2FQBq-2BFpel8VkcfovM37GnWPMnODh7DjfGMugIPNcd8ltt5eAz3eLThOPRhxCnpkpwSoLZsid6F00t-2FjbyOU-2F93X804pv1CgFCLbmObbTHc4xs2oFf5JAweFiVi0KRXNOqc-3DGElV_ZsZNk9I-2BWKUMcOn-2FYMXK2VNILsetvczk0qkDBnt1Q-2Bg8MpLl8s0WAV-2BDTdcA1B04hx8sA-2BW0GxVYvh2qVpF6F65Gu9V4sDAY92xxVGKz5-2FPm7g3NnjmMHPLLko1n0yo8zXU96ib-2Fkd2UlSpKM7-2FtLOgBRnY6kYZKdEH0u7WVzj7SB1RusturLTNUo-2Fc2xD3-2Bue1X-2FXpLb7JXVjEC8KMHbkSDIFrk6iWY7B-2FVB2-2FJ2iI-3D" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://support.twilio.com/hc/en-us/articles/360022561474-How-to-Read-the-Twilio-Invoice-CSV-Supplement

HTTP Parser: Base64 decoded: 1728321416.000000

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49775 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: links.twiliocdn.com
Source: global traffic	DNS traffic detected: DNS query: support.twilio.com
Source: global traffic	DNS traffic detected: DNS query: static.zdassets.com
Source: global traffic	DNS traffic detected: DNS query: cloud.typography.com
Source: global traffic	DNS traffic detected: DNS query: s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: assets.zendesk.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: d3hjue7omxs01q.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: p5.zdassets.com
Source: global traffic	DNS traffic detected: DNS query: twilio.zendesk.com
Source: global traffic	DNS traffic detected: DNS query: s.swiftypecdn.com
Source: global traffic	DNS traffic detected: DNS query: cdn.heapanalytics.com
Source: global traffic	DNS traffic detected: DNS query: heapanalytics.com
Source: global traffic	DNS traffic detected: DNS query: cc.swiftype.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49775 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@17/33@48/130

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1968,i,1363267348518730008,15124184393528673531,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://links.twiliocdn.com/ls/click?upn=u001.s8B7Bdj-2BO6qOEbA-2BPKse2Z7fYxO9q1PAYKGQzEiFp-2FQBq-2BFpel8VkcfovM37GnWPMnODh7DjfGMugIPNcd8ltt5eAz3eLThOPRhxCnpkpwSoLZsid6F00t-2FjbyOU-2F93X804pv1CgFCLbmObbTHc4xs2oFf5JAweFiVi0KRXNOqc-3DGElV_ZsZNk9I-2BWKUMcOn-2FYMXK2VNILsetvczk0qkDBnt1Q-2Bg8MpLl8s0WAV-2BDTdcA1B04hx8sA-2BW0GxVYvh2qVpF6F65Gu9V4sDAY92xxVGKz5-2FPm7g3NnjmMHPLLko1n0yo8zXU96ib-2Fkd2UlSpKM7-2FtLOgBRnY6kYZKdEH0u7WVzj7SB1RusturLTNUo-2Fc2xD3-2Bue1X-2FXpLb7JXVjEC8KMHbkSDIFrk6iWY7B-2FVB2-2FJ2iI-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1968,i,1363267348518730008,15124184393528673531,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdn.heapanalytics.com	13.32.27.5	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
twilio.zendesk.com	216.198.54.1	true	false	unknown
external-svc-dal.swiftype.net	169.46.32.99	true	false	unknown
cf.zdassets.com	104.18.72.113	true	false	unknown
links.twiliocdn.com	104.22.58.219	true	false	unknown
heapanalytics.com	3.233.16.133	true	false	unknown
static.zdassets.com	104.18.72.113	true	false	unknown
d3hjue7omxs01q.cloudfront.net	18.66.92.169	true	false	unknown
s3.amazonaws.com	54.231.139.48	true	false	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false	unknown
p5.zdassets.com	104.18.70.113	true	false	unknown
www.google.com	216.58.206.36	true	false	unknown
cloud.typography.com	unknown	unknown	false	unknown
s.swiftypecdn.com	unknown	unknown	false	unknown
assets.zendesk.com	unknown	unknown	false	unknown
cc.swiftype.com	unknown	unknown	false	unknown
support.twilio.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://support.twilio.com/hc/en-us/articles/360022561474-How-to-Read-the-Twilio-Invoice-CSV-Supplement	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.46	unknown	United States	15169	GOOGLEUS	false
23.201.250.36	unknown	United States	16625	AKAMAI-ASUS	false
34.239.64.171	unknown	United States	14618	AMAZON-AESUS	false
172.217.23.106	unknown	United States	15169	GOOGLEUS	false
169.46.32.99	external-svc-dal.swiftype.net	United States	36351	SOFTLAYERUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
54.231.139.48	s3.amazonaws.com	United States	16509	AMAZON-02US	false
104.22.58.219	links.twiliocdn.com	United States	13335	CLOUDFLARENETUS	false
13.32.27.5	cdn.heapanalytics.com	United States	7018	ATT-INTERNET4US	false
104.18.72.113	cf.zdassets.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
66.102.1.84	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
3.233.16.133	heapanalytics.com	United States	14618	AMAZON-AESUS	false
18.66.92.169	d3hjue7omxs01q.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
151.101.1.167	unknown	United States	54113	FASTLYUS	false
169.63.31.198	unknown	United States	36351	SOFTLAYERUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.18.70.113	p5.zdassets.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
216.198.54.1	twilio.zendesk.com	United States	7321	LNET-ASNUS	false
13.32.27.116	unknown	United States	7018	ATT-INTERNET4US	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.18

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528319
Start date and time:	2024-10-07 19:16:19 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://links.twiliocdn.com/ls/click?upn=u001.s8B7Bdj-2BO6qOEbA-2BPKse2Z7fYxO9q1PAYKGQzEiFp-2FQBq-2BFpel8VkcfovM37GnWPMnODh7DjfGMugIPNcd8ltt5eAz3eLThOPRhxCnpkpwSoLZsid6F00t-2FjbyOU-2F93X804pv1CgFCLbmObbTHc4xs2oFf5JAweFiVi0KRXNOqc-3DGElV_ZsZNk9I-2BWKUMcOn-2FYMXK2VNILsetvczk0qkDBnt1Q-2Bg8MpLl8s0WAV-2BDTdcA1B04hx8sA-2BW0GxVYvh2qVpF6F65Gu9V4sDAY92xxVGKz5-2FPm7g3NnjmMHPLLko1n0yo8zXU96ib-2Fkd2UlSpKM7-2FtLOgBRnY6kYZKdEH0u7WVzj7SB1RusturLTNUo-2Fc2xD3-2Bue1X-2FXpLb7JXVjEC8KMHbkSDIFrk6iWY7B-2FVB2-2FJ2iI-3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@17/33@48/130

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.186.46, 66.102.1.84, 34.104.35.123, 23.201.250.36
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, e7100.g.akamaiedge.net, clients.l.google.com, wildcard.typography.com.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://links.twiliocdn.com/ls/click?upn=u001.s8B7Bdj-2BO6qOEbA-2BPKse2Z7fYxO9q1PAYKGQzEiFp-2FQBq-2BFpel8VkcfovM37GnWPMnODh7DjfGMugIPNcd8ltt5eAz3eLThOPRhxCnpkpwSoLZsid6F00t-2FjbyOU-2F93X804pv1CgFCLbmObbTHc4xs2oFf5JAweFiVi0KRXNOqc-3DGElV_ZsZNk9I-2BWKUMcOn-2FYMXK2VNILsetvczk0qkDBnt1Q-2Bg8MpLl8s0WAV-2BDTdcA1B04hx8sA-2BW0GxVYvh2qVpF6F65Gu9V4sDAY92xxVGKz5-2FPm7g3NnjmMHPLLko1n0yo8zXU96ib-2Fkd2UlSpKM7-2FtLOgBRnY6kYZKdEH0u7WVzj7SB1RusturLTNUo-2Fc2xD3-2Bue1X-2FXpLb7JXVjEC8KMHbkSDIFrk6iWY7B-2FVB2-2FJ2iI-3D

LLM Input / Output

Input	Output
URL: https://support.twilio.com/hc/en-us/articles/360022561474-How-to-Read-the-Twilio-Invoice-CSV-Supplement Model: jbxai	{ "brand":["Twilio"], "contains_trigger_text":true, "trigger_text":"Access the Invoice CSV Supplement", "prominent_button_name":"click Download", "text_input_field_labels":["CURRENT BALANCE +$114.87615", "AUTO RECHARGE"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site, support.twilio.com, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to help.twilio.com, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.", "has_visible_qrcode":false}

URL: https://support.twilio.com/hc/en-us/articles/360022561474-How-to-Read-the-Twilio-Invoice-CSV-Supplement Model: jbxai	"{ \"brand\": [\"Twilio\"], \"contains_trigger_text\": true, \"trigger_text\": \"For more information, see When and Where Can I Find my Invoice.\", \"prominent_button_name\": \"click Download\", \"text_input_field_labels\": [\"Account names (Columns A - B)\", \"Itemized billing (Columns C - F)\", \"Quantity and amount (Columns G - I)\", \"Account identification (Columns J - L)\", \"Date and Invoice ID (Columns M - O)\"], \"pdf_icon_visible\": true, \"has_visible_captcha\": false, \"has_urgent_text\": false, \"text\": \"Billing Overview Invoiced and Pay as you Go customers can download the CSV supplemental invoice from the Billing Overview page in Console. Select CSV from the drop-down menu, and then click Download. For more information, see When and Where Can I Find my Invoice. The CSV supplement gives you the ability to sort, filter, and manipulate your invoicing data, allowing you to gain valuable insights into your Twilio product usage across different countries and time frames. Here are some examples of what's possible: * Analyze the total dollars spent in each country. * Find the variance in the number of SMS segments sent each month. * Analyze the usage of each item group across different accounts on the same invoice. * Analyze the usage across different subaccounts. * Combine CSVs from multiple months to see usage trends. The columns in the CSV supplement match the information in your PDF invoice. The difference is that in CSV format, you can manipulate this data as needed. Here's an overview of what all is included: * Account names (Columns A - B): The first two columns show the names of the accounts for each row. \"Project\" shows the project name for subaccounts, and \"Company Name\" shows the name as entered in the Console Invoicing Settings. * Itemized billing (Columns C - F): The next few columns show billing line items, categorized from high-level to more detailed. This starts with \"Item Category\" (services, credits, promos, taxes), then breaks down into \"Item Group\" (product), and \"Item Country\" (usage country, or non-geographic). * Quantity and amount (Columns G - I): After the line item breakdown, you'll find the \"Quantity\" for each line ite} "

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 16:16:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9877808564694894
Encrypted:	false
SSDEEP:
MD5:	B113288DC4142BBA440FB824F3E16EC6
SHA1:	3D490CB02A9745C4A4499B550F1D05C4E00A3DF8
SHA-256:	7BA0C3A28ACFD49827A9B3F59D12C8D8AAD00C20A9187E44169E927EB157C8EB
SHA-512:	DB6ECEC5BAB41B48816F0557F0C35C9E3120C0F27CBCE6228C767A9B060081420F85102D1CD8703D68E841883E0046C656159500D98F4651FE7628201CDD457B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,..... .........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IGY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VGY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VGY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X/Vf.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 16:16:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.0029818310690155
Encrypted:	false
SSDEEP:
MD5:	397F21AAFC313CF2F77A31C7C938AD69
SHA1:	23A7ADE15BF04CD001F78C48E96A78A378CD471D
SHA-256:	E43786CAF598C7EEC8D7643778760D76E1325A1B6133DDA660E617AC824FFADF
SHA-512:	83D19E4C63DC1F7BB7DA3ABB1B310A990A2A0748CB422520B6EB49AEFDDF42A58E7B41D57E215145D925F8D6FD974CF021B052091EC8693A1405C381AAC0E36B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IGY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VGY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VGY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X/Vf.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0125123703173236
Encrypted:	false
SSDEEP:
MD5:	B7CAF6DE783DEB9A778D506A7CA1EF1F
SHA1:	E91747226DFE956091DEE89463BCF33ACD9BAC1D
SHA-256:	C33056CEAB9B5859C54B58BCE548AA5055E1DD9E37AB56A020AD4F3D75DD753D
SHA-512:	A0AE4FE4479D29A2B038297A2192BD1E28EAC9729C8EEAD2980F83F2774710C57EAF95043C208C5ACB5E1EDC774FE74922AE784276697103126B7B62107A9CC9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IGY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VGY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VGY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X/Vf.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 16:16:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.002872811183472
Encrypted:	false
SSDEEP:
MD5:	386D2FC4A46CFE02BFF554D02163CADF
SHA1:	CF084CA5046585B06E95A389D480318C5267426E
SHA-256:	D32CF47543A2096A5B5C2A89659648FA6E1F6EBB6047C162A58A23A9E5BAC231
SHA-512:	69E8CCA54E63818549FD77827D3FD91986AA270AB590414A577A5E909C4EA3036A3C87F0872B3910DE49108BF6CE4334CAF21A6CFE4E9331867FFBB8A1A74BB1
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....[`.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IGY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VGY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VGY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X/Vf.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 16:16:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.991518716108777
Encrypted:	false
SSDEEP:
MD5:	C14C73E81664B1CC26BAFDF46C5F6F4D
SHA1:	5823DD8157440AB959F2B430C3F3ADC536B6378C
SHA-256:	54269AF1F2674F9699E1ADC5A59E1BD15EE65BAC586FCFA3B6DBDC958D9E5089
SHA-512:	5771F9E1846DD0459D0B66EB11A4072A4B58E5A3DB1953529DADCDFD19B11C7BEFE0F6FA8C6733F0C47DFF66D2B25EEE7069D69C07E9BFBBD724BAC15524FCB6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....8..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IGY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VGY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VGY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X/Vf.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 16:16:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.001523357589139
Encrypted:	false
SSDEEP:
MD5:	A7294768F7E016E2373C035EDE769E03
SHA1:	1AB00F16653CFE9CEF0E1451C65B5A49C20627D8
SHA-256:	0804CD0F02A87EC57BD49CA0939B740459480003B1AAA189EEBEFD60A41594A0
SHA-512:	C53023B2CA61CD75D79F1FAAC7CD64603548B15FA01803B3D06BFD531AF70180F0FD5213752F66281CE5BA4796F2AE25DEB67BF97DD3B2AC94DD4247D136ABAB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....0'.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IGY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VGY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VGY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........X/Vf.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	18646
Entropy (8bit):	5.218879860016171
Encrypted:	false
SSDEEP:
MD5:	05DA395012EE64A98551F993B952B0A1
SHA1:	FEA08D94698A947075549AC3E534A3C000AB431E
SHA-256:	2081A693C47F01DFF703B3757CBFE43B48F27936509B266D8E461D8D4B2128BD
SHA-512:	4237C8E0A4316E3B167230551DFF9460E0F61B2411C18154223FD74B327BA192C03EEF55E96EC0AF700684DD17A36B72EC7A8F74BCF13F8889798D91F917780D
Malicious:	false
Reputation:	unknown
Preview:	{"install":{"primary_doc_type":"articles","hooks":{"query_filter":null,"result_clicked_filter":null},"endpoints":{"search":"//search-api.swiftype.com/api/v1/public/installs/hkxfepiEy5bG65fz8d38/search.json","autocomplete":"//search-api.swiftype.com/api/v1/public/installs/hkxfepiEy5bG65fz8d38/suggest.json","track_and_redirect_to_result":"//search-api.swiftype.com/api/v1/public/installs/pc/hkxfepiEy5bG65fz8d38.json","constant_crawl":"//cc.swiftype.com/cc.js?engine_key=WMht-aW2d-X7sPzsjksC"},"web":{"analytics":{"autocomplete":true,"search":true},"dependent_resources":{"stylesheets":["//s.swiftypecdn.com/assets/new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css"],"browser_stylesheets":{"ie7":"//s.swiftypecdn.com/assets/new_embed_ie7-5cad988962a7146c8f0d1dc8b92e995d9104d1152e29751446e17dacf8132320.css","ie8":"//s.swiftypecdn.com/assets/new_embed_ie8-03c400d04d4e8f473947670d38aadfca27d2cd401ea0960f6bc88c491b2e1a9a.css","ie9":"//s.swiftypecdn.com/assets/new_embed_i

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8002), with no line terminators
Category:	downloaded
Size (bytes):	8002
Entropy (8bit):	5.77858662325019
Encrypted:	false
SSDEEP:
MD5:	F617A7C4E7F2E559FBE206AAFCFF9900
SHA1:	EBA1C6F3DB9D7BEAB5C1534FA3A9188BBA9082E9
SHA-256:	99309BF103CC43BC8BBABA0DF33FB86FD0DB00B6D7C6AA1BA778D8DC0D8DD271
SHA-512:	DB6EBC34418C02E8C26D7E282484168E6693B470752A51A665334AAF6DA2F1CF96002C3C9AAD9C563CD5771649568A615AFBA1841C8AF254F3D80BF2B4369C12
Malicious:	false
Reputation:	unknown
URL:	https://support.twilio.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
Preview:	window._cf_chl_opt={cFPWv:'g'};~function(V,f,g,h,m,n,x,y){V=b,function(c,d,U,B,C){for(U=b,B=c();!![];)try{if(C=-parseInt(U(445))/1+parseInt(U(407))/2(parseInt(U(459))/3)+parseInt(U(474))/4(parseInt(U(457))/5)+-parseInt(U(498))/6+parseInt(U(408))/7*(-parseInt(U(427))/8)+-parseInt(U(504))/9+parseInt(U(494))/10,C===d)break;else B.push(B.shift())}catch(D){B.push(B.shift())}}(a,816640),f=this\|\|self,g=f[V(456)],h=function(W,d,B,C){return W=V,d=String[W(412)],B={'h':function(D){return null==D?'':B.g(D,6,function(E,X){return X=b,X(449)[X(396)](E)})},'g':function(D,E,F,Y,G,H,I,J,K,L,M,N,O,P,Q,R,S,T){if(Y=W,null==D)return'';for(H={},I={},J='',K=2,L=3,M=2,N=[],O=0,P=0,Q=0;Q<D[Y(467)];Q+=1)if(R=D[Y(396)](Q),Object[Y(497)][Y(499)][Y(428)](H,R)\|\|(H[R]=L++,I[R]=!0),S=J+R,Object[Y(497)][Y(499)][Y(428)](H,S))J=S;else{if(Object[Y(497)][Y(499)][Y(428)](I,J)){if(256>J[Y(406)](0)){for(G=0;G<M;O<<=1,P==E-1?(P=0,N[Y(492)](F(O)),O=0):P++,G++);for(T=J[Y(406)](0),G=0;8>G;O=T&1\|O<<1.15,P==E-1?(P=0,N[Y(492)](F(

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	91625
Entropy (8bit):	5.924031002638035
Encrypted:	false
SSDEEP:
MD5:	5E7DE27995936EC339BD1781A6833A98
SHA1:	9DCD592D3F3B35E4FC77824CC638AA19374312D6
SHA-256:	2552D8D62D9C60F59B3B11A5D083D1EBD090C72DE809FC7C76FB339825302241
SHA-512:	79357D3364CBA534C42470ABBFEDA79BFC42EFA044D141432612CA3B27BB2520EBE1E72929057DA36809FAD37EA5F8FBC330B70DE40AECBEEDB3A103E117EF6E
Malicious:	false
Reputation:	unknown
URL:	https://s.swiftypecdn.com/assets/new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css
Preview:	.irs{position:relative;display:block;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.irs-line{position:relative;display:block;overflow:hidden;outline:none !important}.irs-line-left,.irs-line-mid,.irs-line-right{position:absolute;display:block;top:0}.irs-line-left{left:0;width:11%}.irs-line-mid{left:9%;width:82%}.irs-line-right{right:0;width:11%}.irs-bar{position:absolute;display:block;left:0;width:0}.irs-bar-edge{position:absolute;display:block;top:0;left:0}.irs-shadow{position:absolute;display:none;left:0;width:0}.irs-slider{position:absolute;display:block;cursor:default;z-index:1}.irs-slider.type_last{z-index:2}.irs-min{position:absolute;display:block;left:0;cursor:default}.irs-max{position:absolute;display:block;right:0;cursor:default}.irs-from,.irs-to,.irs-single{position:absolute;display:block;top:0;left:0;cursor:default;white-space:nowrap}.irs-grid{position:absolute;display:none;bottom:0;left:0;width:100%;height:20px}.irs-with-grid .irs-grid{

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65435)
Category:	dropped
Size (bytes):	743814
Entropy (8bit):	5.563068942801893
Encrypted:	false
SSDEEP:
MD5:	A5F20A80CC9503739F2F3BA48D143823
SHA1:	49569E4E04FC05AB4EEBB4FD084594486C23411A
SHA-256:	80175912AD4D28A44BC64364196665A874161C901A14741808EC0548A32B1EAE
SHA-512:	EB6C8FB9867017B873F7AC37EE8A9E600F57B74FE771479C5E518695902301BDF4EEC6910E7577B59B1C5FCB39506C3346016E7C1A27CD42D5D68B45B152CEAD
Malicious:	false
Reputation:	unknown
Preview:	/! For license information please see hc_enduser-3dd4f93d9ab8c734ad133b7f68c729c1.js.LICENSE.txt /.!function(){var e,t,n,r,a={38016:function(e,t,n){e.exports=n(66341)},89682:function(e,t){"use strict";function n(e){return JSON.stringify(e.map((function(e){return e&&"object"==typeof e?(t=e,Object.keys(t).sort().map((function(e){var n;return(n={})[e]=t[e],n}))):e;var t})))}t.default=function(e,t){return void 0===t&&(t={}),function(){for(var r,a=[],o=0;o<arguments.length;o++)a[o]=arguments[o];var i=n(a),c=i&&t[i];return c\|\|(c=new((r=e).bind.apply(r,[void 0].concat(a))),i&&(t[i]=c)),c}}},97070:function(e,t,n){"use strict";(t=e.exports=n(89682).default).default=t},78701:function(e,t,n){const r=n(73216),a=n(37566);function o(){if(!(this instanceof o))return new o}function i(e,t){!function(e){const t=a.get().files.intl;t&&!window.Intl?r(t,(function(t){t\|\|Intl.Collator\|\|(Intl.Collator=o),e(t)})):e()}((function(){const n=a.get().files,o=e.split("-")[0],i=n["relative."+("no"===o?"nn":o)]\|\|n["r

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64244)
Category:	downloaded
Size (bytes):	130095
Entropy (8bit):	5.4263372408401835
Encrypted:	false
SSDEEP:
MD5:	1BC100BCEA76E15203D4E112912277EC
SHA1:	B17B0C06A0A9C274E43105BE6825FA00C954710C
SHA-256:	E9B4501DB56AA8E7385C9328018EDB72A3BD77A4AE5AAB1130CD86F71DFA2831
SHA-512:	B744EDCC7DD0832FA30AE9D44200CB0D192CEDCF9994883623C36D9F2EB16E7AF17D7EB273EF74612615BF1DD8A19FFF0E433721A86CE80841AF63C7EF481D03
Malicious:	false
Reputation:	unknown
URL:	https://cdn.heapanalytics.com/js/heap-1541905715.js
Preview:	//@preserve v4.23.4+7ce87a6486953.!function(e){var t={};function r(n){if(t[n])return t[n].exports;var i=t[n]={i:n,l:!1,exports:{}};return e[n].call(i.exports,i,i.exports,r),i.l=!0,i.exports}r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){'undefined'!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:'Module'}),Object.defineProperty(e,'__esModule',{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&'object'==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,'default',{enumerable:!0,value:e}),2&t&&'string'!=typeof e)for(var i in e)r.d(n,i,function(t){return e[t]}.bind(null,i));return n},r.n=function(e){var t=e&&e.__esModule?function t(){return e.default}:function t(){return e};return r.d(t,'a',t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="/js/",r(r.s=15)}([function(e,t,r){"use strict";var n,i,o;Object

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	43
Entropy (8bit):	3.0950611313667666
Encrypted:	false
SSDEEP:
MD5:	AD4B0F606E0F8465BC4C4C170B37E1A3
SHA1:	50B30FD5F87C85FE5CBA2635CB83316CA71250D7
SHA-256:	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
SHA-512:	EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.............!.......,...........L..;

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	46DF3E5E2D15256CA16616EBFDA5427F
SHA1:	BE8F9B307E458075DA0D43585A05F1D451469182
SHA-256:	AF3248D0B278571EFF9A22F8ED1CEB54B70D202B44FD70ECA4CA13A5771CECC3
SHA-512:	88FBCC0A92317A0BADE7D4B72C023A16792F3728443075BF4B1767C8A55258836B54D56B24EABE36AE4EF240F796B58B8F1EA10C7E3C146BDE89882FC9ADE302
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAl5hinrXdfdrBIFDZFhlU4=?alt=proto
Preview:	CgkKBw2RYZVOGgA=

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (4627)
Category:	downloaded
Size (bytes):	36011
Entropy (8bit):	5.5259129452609494
Encrypted:	false
SSDEEP:
MD5:	FE8927D686FEA726B3E3F80E34DB6810
SHA1:	628BCF2E62822142382487DE1529741C9EA80A1E
SHA-256:	336625955040EE146AF1559D248A2BD4A28538259F400400CF85A3441A0D8922
SHA-512:	BB4A23C1624BC708FDE1C1309E123EA835EDF653327C23B043866C39B075CF1B70E0EB3DEB98596FAC2E2C3926633639A4BC0BB782274811D08F1A5F97FEFA2D
Malicious:	false
Reputation:	unknown
URL:	https://support.twilio.com/hc/en-us/articles/360022561474-How-to-Read-the-Twilio-Invoice-CSV-Supplement
Preview:	<!DOCTYPE html>.<html dir="ltr" lang="en-US">.<head>. <meta charset="utf-8" />. v25182 -->... <title>How to Read the Twilio Invoice CSV Supplement – Twilio Support</title>.. <meta name="csrf-param" content="authenticity_token">.<meta name="csrf-token" content="hc:meta:server:qnOznLtJzJMIh2XYDqQqEkuoXcs-DfV5Jx-LxMDnFOdJ3zX7E7MKg07si6OhlFYTMhY8MNy7VgYB2dCT6_qg6w">.. <meta name="description" content="Twilio provides a CSV supplement for our invoices to help users tabulate their monthly data, and analyze trends. Have you ever wondered..." /><meta property="og:image" content="https:/hc/theming_assets/01HZPBC4WS3T3BDFXKQDMP1J2Z" />.<meta property="og:type" content="website" />.<meta property="og:site_name" content="Twilio Support" />.<meta property="og:title" content="How to Read the Twilio Invoice CSV Supplement" />.<meta property="og:description" content="Twilio provides a CSV supplement for our invoices to help users tabulate their monthly data, and analyze trends..Have y

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (497)
Category:	dropped
Size (bytes):	64214
Entropy (8bit):	4.794941574340939
Encrypted:	false
SSDEEP:
MD5:	06DADC6C7364CF7662B03515664BE760
SHA1:	BC7A0B56485797E24E1B2DAE324EBAF6A388536F
SHA-256:	0C1A64732DE92FE691F38055F446C114CBA9DF7E63B2CCC35015E57C7513FC34
SHA-512:	9AC516A0B639306F3AA8239756B2D49E8990718DE42C63A333579D6404439D785EA1494F92ED626C7F56699F18B8CBB61AFF16A151761F45F5E120EC6B890228
Malicious:	false
Reputation:	unknown
Preview:	(function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n\|\|r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){.// Underscore.js 1.8.3.// http://underscorejs.org.// (c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors.// Underscore may be freely distributed under the MIT license...(function() {.. // Baseline setup. // --------------.. // Establish the root object, `window` in the browser, or `exports` on the server.. var root = this;.. // Save the previous value of the `_` variable.. var previousUnderscore = root._;.. // Save bytes in the minified (but no

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24274), with no line terminators
Category:	dropped
Size (bytes):	24274
Entropy (8bit):	5.439783303384432
Encrypted:	false
SSDEEP:
MD5:	E1AE1E8E526E50AC4D8CE91396726097
SHA1:	B125326B96E78802A1AEC6AEBBD69C10266FA9FA
SHA-256:	BD03B0B6236CB66EB345EF4921D76C8D9BE436EA7CC7C89F9E62163C3E0A4A64
SHA-512:	39A15EBA25DF8FAC9053827E54908531B4916B55916528313692A80EC49BA6EB07064B0F1C5D4082491B0660037AA1A1505DCC02E42E65A21691DE3EB0389B3D
Malicious:	false
Reputation:	unknown
Preview:	(function(t){var e,n,s=Math.round,r={},i="undefined"!=typeof module&&module.exports,a=/^\/?Date$(\-?\d+)/i,o=/(\-)?(?:(\d)\.)?(\d+)\:(\d+)(?:\:(\d+)\.?(\d{3})?)?/,u=/^(-)?P(?:(?:([0-9,.])Y)?(?:([0-9,.])M)?(?:([0-9,.])D)?(?:T(?:([0-9,.])H)?(?:([0-9,.])M)?(?:([0-9,.])S)?)?\|([0-9,.])W)$/,h=/(\[[^\[]\])\|(\$?(Mo\|MM?M?M?\|Do\|DDDo\|DD?D?D?\|ddd?d?\|do?\|w[o\|w]?\|W[o\|W]?\|YYYYY\|YYYY\|YY\|gg(ggg?)?\|GG(GGG?)?\|e\|E\|a\|A\|hh?\|HH?\|mm?\|ss?\|S{1,4}\|X\|zz?\|ZZ?\|.)/g,d=/(\[[^\[]\])\|(\\)?(LT\|LL?L?L?\|l{1,4})/g,c=/\d\d?/,f=/\d{1,3}/,l=/\d{3}/,_=/\d{1,4}/,m=/[+\-]?\d{1,6}/,y=/\d+/,p=/[0-9]['a-z\u00A0-\u05FF\u0700-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+\|[\u0600-\u06FF\/]+(\s?[\u0600-\u06FF]+){1,2}/i,g=/Z\|[\+\-]\d\d:?\d\d/i,w=/T/i,M=/[\+\-]?\d+(\.\d{1,3})?/,D=/^\s*\d{4}-(?:(\d\d-\d\d)\|(W\d\d$)\|(W\d\d-\d)\|(\d\d\d))((T\| )(\d\d(:\d\d(:\d\d(\.\d+)?)?)?)?([\+\-]\d\d:?\d\d\|Z)?)?$/,Y=["YYYY-MM-DD","GGGG-[W]WW","GGGG-[W]WW-E","YYYY-DDD"],k=[["HH:mm:ss.SSSS",/(T\| )\d\d:\d\d:\d\d\.\d{1,3}/],["HH:mm:ss",/(T\| )\d\d:\d\d:\d\d/

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	166288
Entropy (8bit):	4.773460436258221
Encrypted:	false
SSDEEP:
MD5:	553B32E798AFC77B355E724C531677F3
SHA1:	F967D2906E925284C08F36B818C2BE1CB7965054
SHA-256:	E96F7F04E74E6AAF512DEF015C423497311DB39F4324A3E960F713F406E1E709
SHA-512:	7852ED769FA43356244BAE12EEB8155FD31E6C7F320A4B9F656FE0C093F902917BCB946A22A18D962A60F738036D6CBD5EA61582812E69B7BDC1C0560E98673B
Malicious:	false
Reputation:	unknown
URL:	https://static.zdassets.com/hc/assets/en-us.99b0131b1f198c72c323.js
Preview:	!function(){window.I18N=window.I18N\|\|{};var e,t={locale:"en-us",direction:"ltr",translations:{"activemodel.attributes.request.anonymous_requester_email":"Anonymous requester email:","activemodel.attributes.request.recaptcha":"Recaptcha:","activemodel.errors.models.topic_form.attributes.base.topic_limit":"You have reached the maximum number of topics for your account: %{topic_limit}","activerecord.attributes.comment.body":"Comment:","activerecord.attributes.community_comment.body":"Comment:","activerecord.errors.format":"%{attribute} %{message}","activerecord.errors.full_messages.format":"%{attribute} %{message}","activerecord.errors.messages.could_not_save":"Could not save file","activerecord.errors.messages.not_an_integer":"must be an integer","activerecord.errors.models.access_policy.attributes.manageable_by.inclusion":"Must be `staff` or `managers`","activerecord.errors.models.access_policy.attributes.viewable_by.inclusion":"Must be `everybody`, `signed_in_users`, or `staff`","activ

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 450 x 178, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	43119
Entropy (8bit):	7.9657162310216805
Encrypted:	false
SSDEEP:
MD5:	6EB2ACF6E28197787326DEAB557F6D06
SHA1:	919B152C7B1061499346E5A8D75A85FBF083BD03
SHA-256:	C5A1DE55E7AECA0AA5EDBA2584CF38181BB4FE59E64A72A5ABDDD68EEE611811
SHA-512:	97E76EF5B6A0D0AFDB8AECF22EC48AE556911EF84F422DC86521E85F0EFA52329CB3D80C0725288619451F4B9F802F410A309EEFD9D83A0138F8C19F5F680957
Malicious:	false
Reputation:	unknown
URL:	https://support.twilio.com/hc/article_attachments/360034743793/invoiceCSV_05_450.png
Preview:	.PNG........IHDR.............^/Xg... iCCPDisplay..H..WwT....S.@ .G@J..... ..BH..B.!A...k....].u......XX.\|(.ee]\{..G.......93s.....9..=w.\.%..b.R........@...Np..K.II.........U..p.U .K..H\..$...Ra1@..hS.\.....l'+.J....X....0i...jl..8W...0V.&....@KW P...x..2a...J...D...]. XX ...........=-.N._...W....A..V...........8..+...k...[..I.`..;.J....D.,7!..!@......Y..I..{.....x... "...@.TEi...)P.j>. Q.jp..$Y..,.I..5y...c..FqidJ?'O...@. ....f.u.'.$.....y..(%N.{.. <...P%......y..d5.2-...r.."S...T.. 5F.Ke.K3..5....j..H,K.h..reX.&.B.M..bit.z.......JE.f...B..$M.WreR.Z.M".......B.......N..P .b.j<....@...HA9...b...A...(......+. ..e...Ex...is:.....`:...=i?.?..._...`.0..C.t.Q.)J..... ..( .............W....H..P@..(...J9.c...fb.~...@{.>t..D.....<....7.G...@....B............s..>....O&\|..u../f$B..fR..T.u.:M5S..SG.F..:L5\|.&......%C... ..........j.4....T).......T.$.@....b~.L.6......dfe....<......?.A.}}}.}.z..T.......p.....U.2.......1.`.[8....E B...HD.0.B....L.

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	37
Entropy (8bit):	3.040403544317301
Encrypted:	false
SSDEEP:
MD5:	3EACD0132310EA44CAD756B378A3BC07
SHA1:	E2216A7E9B73F5CB0279351C78CE61C33475CEA7
SHA-256:	BB229A48BEE31F5D54CA12DC9BD960C63A671F0D4BE86A054C1D324A44499D96
SHA-512:	BD9AB35DDE3A5242B04C159187732E13B0A6DA50DDCFF7015DFB78CDD68743E191EAF5CDDEDD49BEF7D2D5A642C217272A40E5BA603FE24CA676A53F8C417C5D
Malicious:	false
Reputation:	unknown
URL:	https://heapanalytics.com/h?a=1541905715&u=6733930272142359&v=4105969782514982&s=4075732930733452&b=web&tv=4.0&z=0&h=%2Fhc%2Fen-us%2Farticles%2F360022561474-How-to-Read-the-Twilio-Invoice-CSV-Supplement&d=support.twilio.com&t=How%20to%20Read%20the%20Twilio%20Invoice%20CSV%20Supplement%20%E2%80%93%20Twilio%20Support&k=Device%20screen%20resolution&k=1280%20x%201024&k=Inner%20window%20dimensions&k=1280%20x%20907&ts=1728321421074&ubv=117.0.5938.149&upv=10.0.0&sch=907&scw=1280&st=1728321421077&lv=4.23.4&ld=cdn.heapanalytics.com
Preview:	GIF89a.......!.......,...........L..;

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (404)
Category:	downloaded
Size (bytes):	80026
Entropy (8bit):	5.077946433639107
Encrypted:	false
SSDEEP:
MD5:	D1C28FEC1443EEDCB309566F967437E6
SHA1:	15926A90307DABB620A59A3BB3C5757D69BBD3FA
SHA-256:	3449EA19736B89064A32BFDF0B75E2179D6EAB54FC7F43CDFB241F309BEBB1DA
SHA-512:	6A2A1B8E2110147855C18B67C3A593C582E1575575679E65AA230D6E0E0019CAF9AFFDF19371791D4C316A1E3D0B33E3DE463A01131D352F9723CE6C89C21524
Malicious:	false
Reputation:	unknown
URL:	https://s3.amazonaws.com/ahoy-assets.twilio.com/global/stylesheets/help-center-0.0.1.css
Preview:	@charset "UTF-8";./*. Twilio Zendesk Help Center. /./. UIKit Styles. /./ ========================================================================. Component: Base. ========================================================================== /./. * 1. Normalize default `font-family` and set `font-size` to support `rem` units. * 2. Prevents iOS text size adjust after orientation change, without disabling user zoom. * 3. Style. /.html {. / 1 /. font: normal 14px / 20px "Helvetica Neue", Helvetica, Arial, sans-serif;. / 2 /. -webkit-text-size-adjust: 100%;. -ms-text-size-adjust: 100%;. / 3 /. background: #fff;. color: #444; }../. * Removes default margin.. /.body {. margin: 0; }../ Links. ========================================================================== /./. * Remove the gray background color from active links in IE 10.. /.a {. background: transparent; }../. * Improve readability of focused elements when they are also in an active/hover state..

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	17113
Entropy (8bit):	5.591361744596875
Encrypted:	false
SSDEEP:
MD5:	60F65427AFC0E08CFAEE3F918CD2A17D
SHA1:	EF01B71C166F4161BB83815018F51D825DF19D72
SHA-256:	11952632312A6D8317261DD1639AF112391E9B6C83903BCD03D39C129AF4BA64
SHA-512:	F95A1324D6E8CF3E3E7C59A29FF9F80A144FD2D39BE56B94207FF904C1650CF80EC7EEB7CA981F19EC10CF856483FEB064ADEC5978362CFA61B9BB584656EC20
Malicious:	false
Reputation:	unknown
URL:	https://p5.zdassets.com/hc/theme_assets/831517/200175577/highlight.pack.js
Preview:	/! highlight.js v9.1.0 \| BSD3 License \| git.io/hljslicense /.!function(e){"undefined"!=typeof exports?e(exports):(self.hljs=e({}),"function"==typeof define&&define.amd&&define("hljs",[],function(){return self.hljs}))}(function(e){function n(e){return e.replace(/&/gm,"&").replace(/</gm,"<").replace(/>/gm,">")}function t(e){return e.nodeName.toLowerCase()}function r(e,n){var t=e&&e.exec(n);return t&&0==t.index}function a(e){return/^(no-?highlight\|plain\|text)$/i.test(e)}function i(e){var n,t,r,i=e.className+" ";if(i+=e.parentNode?e.parentNode.className:"",t=/\blang(?:uage)?-([\w-]+)\b/i.exec(i))return E(t[1])?t[1]:"no-highlight";for(i=i.split(/\s+/),n=0,r=i.length;r>n;n++)if(E(i[n])\|\|a(i[n]))return i[n]}function o(e,n){var t,r={};for(t in e)r[t]=e[t];if(n)for(t in n)r[t]=n[t];return r}function u(e){var n=[];return function r(e,a){for(var i=e.firstChild;i;i=i.nextSibling)3==i.nodeType?a+=i.nodeValue.length:1==i.nodeType&&(n.push({event:"start",offset:a,node:i}),a=r(i,a),t(i).ma

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 450 x 248, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	34745
Entropy (8bit):	7.960140962049641
Encrypted:	false
SSDEEP:
MD5:	2724B5A57E24C9D8724D1F0A1594AFD8
SHA1:	AD889143F808111170E0C595B4DF95C769D795CB
SHA-256:	8D02A5BFA48823416D16D890FE95D56EAF6B869F6B1E5901E313C94AE13C5784
SHA-512:	18C65FC693AD41AB09AE66CA9594E2EE1B5808AD624CF36E5DD20AE1E867BD4B157DF556D1071A54D029BD162506BDE9EF10234C8D5F01EDB29AEAB8D0D6F1FE
Malicious:	false
Reputation:	unknown
URL:	https://support.twilio.com/hc/article_attachments/360033920854/invoiceCSV_06_450.png
Preview:	.PNG........IHDR...............qm... iCCPDisplay..H..WwT....S.@ .G@J..... ..BH..B.!A...k....].u......XX.\|(.ee]\{..G.......93s.....9..=w.\.%..b.R........@...Np..K.II.........U..p.U .K..H\..$...Ra1@..hS.\.....l'+.J....X....0i...jl..8W...0V.&....@KW P...x..2a...J...D...]. XX ...........=-.N._...W....A..V...........8..+...k...[..I.`..;.J....D.,7!..!@......Y..I..{.....x... "...@.TEi...)P.j>. Q.jp..$Y..,.I..5y...c..FqidJ?'O...@. ....f.u.'.$.....y..(%N.{.. <...P%......y..d5.2-...r.."S...T.. 5F.Ke.K3..5....j..H,K.h..reX.&.B.M..bit.z.......JE.f...B..$M.WreR.Z.M".......B.......N..P .b.j<....@...HA9...b...A...(......+. ..e...Ex...is:.....`:...=i?.?..._...`.0..C.t.Q.)J..... ..( .............W....H..P@..(...J9.c...fb.~...@{.>t..D.....<....7.G...@....B............s..>....O&\|..u../f$B..fR..T.u.:M5S..SG.F..:L5\|.&......%C... ..........j.4....T).......T.$.@....b~.L.6......dfe....<......?.A.}}}.}.z..T.......p.....U.2.......1.`.[8....E B...HD.0.B....L.

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64729)
Category:	downloaded
Size (bytes):	383893
Entropy (8bit):	6.0168429172321405
Encrypted:	false
SSDEEP:
MD5:	437A0BCFB58A915A3E9FCF993961F7B4
SHA1:	B6763F250811DE02BE1F0D9552834DE0AF2CFA22
SHA-256:	2DEBFB6BD7DA1CCB2C865AF501102EF51DF07B523A54A36995E26A076B86981C
SHA-512:	8B75624BD354B80BEB8595482387E68877F8161B96ABC8B17F3C9509955C5C2D38F543E5DA2E90612033A30C55D54941DB023479E2DB1B030A84201251396979
Malicious:	false
Reputation:	unknown
URL:	https://d3hjue7omxs01q.cloudfront.net/global/fonts/780758/86335F6D1AD0509B2.css
Preview:	./..Copyright (C) 2011-2020 Hoefler & Co...This software is the property of Hoefler & Co. (H&Co)...Your right to access and use this software is subject to the..applicable License Agreement, or Terms of Service, that exists..between you and H&Co. If no such agreement exists, you may not..access or use this software for any purpose...This software may only be hosted at the locations specified in..the applicable License Agreement or Terms of Service, and only..for the purposes expressly set forth therein. You may not copy,..modify, convert, create derivative works from or distribute this..software in any way, or make it accessible to any third party,..without first obtaining the written permission of H&Co...For more information, please visit us at http://typography.com...170211-75037-20200511./..@font-face{ font-family: "Knockout 27 A"; src: url(data:application/x-font-woff2;base64,d09GMk9UVE8AAB8EAA0AAAAAOHAAAB6xAAEzdQAAAAAAAAAAAAAAAAAAAAAAAAAADbNvGh4blx4cgQAGYACHLBEIATYCJAODWAQGBZVyB

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 450 x 278, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	45330
Entropy (8bit):	7.970147817620487
Encrypted:	false
SSDEEP:
MD5:	2D4B60F636222CD7FAEC8A324BAAF47C
SHA1:	91CC6374286E75326EC3F3740F7E2B0D03459327
SHA-256:	200D84504418FED22D0C8A3362A2AF49F5545C92327D96967448A9F81A963538
SHA-512:	70B0D6B99B9E28D5831CBB6AEA001FE157B22770924097003FEAA3CB914E934ED2DA74A0DCF5058214C1FCB3AF4C2ED3F83C438073AFD956F8BEC708F455E388
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............z..+... iCCPDisplay..H..WwT....S.@ .G@J..... ..BH..B.!A...k....].u......XX.\|(.ee]\{..G.......93s.....9..=w.\.%..b.R........@...Np..K.II.........U..p.U .K..H\..$...Ra1@..hS.\.....l'+.J....X....0i...jl..8W...0V.&....@KW P...x..2a...J...D...]. XX ...........=-.N._...W....A..V...........8..+...k...[..I.`..;.J....D.,7!..!@......Y..I..{.....x... "...@.TEi...)P.j>. Q.jp..$Y..,.I..5y...c..FqidJ?'O...@. ....f.u.'.$.....y..(%N.{.. <...P%......y..d5.2-...r.."S...T.. 5F.Ke.K3..5....j..H,K.h..reX.&.B.M..bit.z.......JE.f...B..$M.WreR.Z.M".......B.......N..P .b.j<....@...HA9...b...A...(......+. ..e...Ex...is:.....`:...=i?.?..._...`.0..C.t.Q.)J..... ..( .............W....H..P@..(...J9.c...fb.~...@{.>t..D.....<....7.G...@....B............s..>....O&\|..u../f$B..fR..T.u.:M5S..SG.F..:L5\|.&......%C... ..........j.4....T).......T.$.@....b~.L.6......dfe....<......?.A.}}}.}.z..T.......p.....U.2.......1.`.[8....E B...HD.0.B....L.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1026 x 594, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	69226
Entropy (8bit):	7.780715872156057
Encrypted:	false
SSDEEP:
MD5:	8D7737E8BA738BCE8504E5B0C6A40A96
SHA1:	AFEE3FA40C4095F1CB5F748337CD8756259248CF
SHA-256:	A516A65D97CA056E25AD5CB1EDE499693D3DC95741606218DE804290BA283A53
SHA-512:	47B0476E8A60A1C708817B41DBC406F78391D893566C0D0F7D6776B80804742FE847009E5D18EC80188B8A8CD0AB176DCD82BE735FED8D527340413D569314C2
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......R.....Y~gx...kiCCPICC Profile..H..W.TS...[........z..W)!...R..!.$......]V...(VtU.EWW@....E........E.M.X....s..o..[f..@..+..:........qi.LR' .:.......$.....e..V.^.........z\|....2..L....q...z.DZ..Q.[M+.(.\...0@.W)p...T.L.nV.$%.!......f..u...B^6....bW1_$.@{..A<!..."....S...b{./....\|3.......!.\n..V...0.L.......K~.\|.-lT.4A.?...)..L..[.....5.}".......<Y....dlX?...........q^l.....Ep ...-..p. 6.x.@.....,......gI.,5..+U.U..'.Mf....8j..V.0).b.....X.. v..&F.uF....:Ry."~k.....P.}.0K..../...m..8.j..@.....v..U..s.....A;....\...pU..S.89Qm.OR.....S$y.j}.R....-!...&...).pq...Y...$U.xq.wt..\|...l...@.[&..r.......R.D....l ..jfpF.rD...........*G....X...d)G..3r.c..A4....Y.!o)..dD.......M1...A...L....zdj.j..a.(b...7...<.>C`s.}q..<.........W.....E%....:...u-2...n.mz.x ..-....8........ .V....;..d....#..Q.0r.....Z.Z^CV....>.X3.......?....a...&.....bg.f..0.#X#v.;..C..ru.zKP..............j.@PT..x.)..RQ...._...#.`........^_...o..8......Q/...

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (633), with no line terminators
Category:	downloaded
Size (bytes):	633
Entropy (8bit):	4.8150819489572685
Encrypted:	false
SSDEEP:
MD5:	B3B7672B48FEC21AD76A8CB595294861
SHA1:	AF08974D1915EFA02C76D863850131BC63449128
SHA-256:	653772EB570825033EF90744634D85DFC0A796F598E8BF1615D1F4952E3B7364
SHA-512:	6DE4BFB4351144E1925883BC552D4A679E0679AE18A584647B48D4F10FCB5A3878BCA18C799D509BB3AE592B876A54889E47291D94E2DBF13C6A6577C973772E
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.6.0/styles/ocean.min.css
Preview:	.hljs-comment,.hljs-quote{color:#65737e}.hljs-variable,.hljs-template-variable,.hljs-tag,.hljs-name,.hljs-selector-id,.hljs-selector-class,.hljs-regexp,.hljs-deletion{color:#bf616a}.hljs-number,.hljs-built_in,.hljs-builtin-name,.hljs-literal,.hljs-type,.hljs-params,.hljs-meta,.hljs-link{color:#d08770}.hljs-attribute{color:#ebcb8b}.hljs-string,.hljs-symbol,.hljs-bullet,.hljs-addition{color:#a3be8c}.hljs-title,.hljs-section{color:#8fa1b3}.hljs-keyword,.hljs-selector-tag{color:#b48ead}.hljs{display:block;overflow-x:auto;background:#2b303b;color:#c0c5ce;padding:0.5em}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:bold}

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8002), with no line terminators
Category:	dropped
Size (bytes):	8002
Entropy (8bit):	5.754981024960478
Encrypted:	false
SSDEEP:
MD5:	1CC636418187A6BE43D1ED4F75A19513
SHA1:	47DB7C53B4FD9937F3AE78A4512A0C86D027B77A
SHA-256:	D8C14081EEA252A75129DE6CB71C94112067786273C6DFAA27992BE272FAB98D
SHA-512:	024F67D02A5B435F8763C6F89A268B512F68B873D57F9A713EA9C166DF18B45CDDE66110BF7FEA80BE139EBEFC452D1A63BF57593D8221BF86564BE9765FCFF0
Malicious:	false
Reputation:	unknown
Preview:	window._cf_chl_opt={cFPWv:'g'};~function(V,g,h,i,j,n,o,A){V=b,function(d,e,U,f,C){for(U=b,f=d();!![];)try{if(C=-parseInt(U(452))/1+parseInt(U(529))/2+parseInt(U(496))/3(parseInt(U(459))/4)+parseInt(U(528))/5+-parseInt(U(487))/6+parseInt(U(506))/7(parseInt(U(513))/8)+parseInt(U(495))/9,C===e)break;else f.push(f.shift())}catch(D){f.push(f.shift())}}(a,471212),g=this\|\|self,h=g[V(510)],i={},i[V(500)]='o',i[V(469)]='s',i[V(449)]='u',i[V(456)]='z',i[V(429)]='n',i[V(516)]='I',j=i,g[V(489)]=function(C,D,E,F,a0,H,I,J,K,L,M){if(a0=V,null===D\|\|D===void 0)return F;for(H=m(D),C[a0(507)][a0(479)]&&(H=H[a0(430)](C[a0(507)][a0(479)](D))),H=C[a0(490)][a0(445)]&&C[a0(481)]?C[a0(490)][a0(445)](new C[(a0(481))](H)):function(N,a1,O){for(a1=a0,N[a1(464)](),O=0;O<N[a1(451)];N[O+1]===N[O]?N[a1(519)](O+1,1):O+=1);return N}(H),I='nAsAaAb'.split('A'),I=I[a0(437)][a0(520)](I),J=0;J<H[a0(451)];K=H[J],L=l(C,D,K),I(L)?(M=L==='s'&&!C[a0(424)](D[K]),a0(422)===E+K?G(E+K,L):M\|\|G(E+K,D[K])):G(E+K,L),J++);return F;funct

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32746)
Category:	downloaded
Size (bytes):	426145
Entropy (8bit):	5.3291577416350755
Encrypted:	false
SSDEEP:
MD5:	A526F166335BDF1ED44ECABE7C215FD2
SHA1:	8FE650BDAA560366CE9E618648F45F7363D53E64
SHA-256:	7BC234EB5FAA5F6BC8094E69C8D86C1437B0CE10731B7B4F7A2C9DB308469FF4
SHA-512:	9F6FA3BF8C2B854D6F35BB93707D8AB116EBF05DC25CC28E74A48662634B9750B2F0965CF460F8527B3FD123BE430CBF622C567DADE85DB9EE4445AB7718307A
Malicious:	false
Reputation:	unknown
URL:	https://s.swiftypecdn.com/install/v2/st.js
Preview:	!function(){"use strict";window.__st_moment=window.moment,window.__st_rome=window.rome}(),/!. jQuery JavaScript Library v3.5.1. * https://jquery.com/. . Includes Sizzle.js. * https://sizzlejs.com/. . Copyright JS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. . Date: 2020-05-04T22:49Z. */.function(t,e){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=t.document?e(t,!0):function(t){if(!t.document)throw new Error("jQuery requires a window with a document");return e(t)}:e(t)}("undefined"!=typeof window?window:this,function(t,e){"use strict";function n(t,e,n){n=n\|\|St;var i,r,o=n.createElement("script");if(o.text=t,e)for(i in bt)(r=e[i]\|\|e.getAttribute&&e.getAttribute(i))&&o.setAttribute(i,r);n.head.appendChild(o).parentNode.removeChild(o)}function i(t){return null==t?t+"":"object"==typeof t\|\|"function"==typeof t?ft[dt.call(t)]\|\|"object":typeof t}function r(t){var e=!!t&&"length"in t&&t.lengt

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (52402)
Category:	downloaded
Size (bytes):	56029
Entropy (8bit):	5.069639809499417
Encrypted:	false
SSDEEP:
MD5:	5191D4EA06BCC144E6774B0FE859528E
SHA1:	7A01E3DB400832724EA275F32BD2936DA83BA8F5
SHA-256:	BA2D68818246F93903142003B5D0DCF14C8536960078ACCD08F1D5813C61A485
SHA-512:	A8CF2CDC62F938013A055A3C56AC245D79B8EB8B04C4EE0B35BB9D3277BC5A9F434664FC09CAD1B134DEC5DFC543D7CA2C52F499EC04284E6A3FCEB212BD9091
Malicious:	false
Reputation:	unknown
URL:	https://static.zdassets.com/hc/assets/application-a42a464885a505c24ac3b0ab35047489.css
Preview:	:root{--zd-color-black: #000;--zd-color-green-100: #edf8f4;--zd-color-green-200: #d1e8df;--zd-color-green-300: #aecfc2;--zd-color-green-400: #5eae91;--zd-color-green-500: #228f67;--zd-color-green-600: #038153;--zd-color-green-700: #186146;--zd-color-green-800: #0b3b29;--zd-color-grey-100: #f8f9f9;--zd-color-grey-200: #e9ebed;--zd-color-grey-300: #d8dcde;--zd-color-grey-400: #c2c8cc;--zd-color-grey-500: #87929d;--zd-color-grey-600: #68737d;--zd-color-grey-700: #49545c;--zd-color-grey-800: #2f3941;--zd-color-blue-100: #edf7ff;--zd-color-blue-200: #cee2f2;--zd-color-blue-300: #adcce4;--zd-color-blue-400: #5293c7;--zd-color-blue-500: #337fbd;--zd-color-blue-600: #1f73b7;--zd-color-blue-700: #144a75;--zd-color-blue-800: #0f3554;--zd-color-kale-100: #f5fcfc;--zd-color-kale-200: #daeded;--zd-color-kale-300: #bdd9d7;--zd-color-kale-400: #90bbbb;--zd-color-kale-500: #467b7c;--zd-color-kale-600: #17494d;--zd-color-kale-700: #03363d;--zd-color-kale-800: #012b30;--zd-color-red-100: #fff0f1;--zd-co

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (9369)
Category:	downloaded
Size (bytes):	9380
Entropy (8bit):	5.246192322737003
Encrypted:	false
SSDEEP:
MD5:	359C3FCE9769020F14763E4E3615597D
SHA1:	A286AE2741ADCF0274D0129F8704C382B8E47E81
SHA-256:	836316444E9CEDE5CE83CFE98734B9C8AB27192A9634A59B82C118A8E6792037
SHA-512:	4E24FE8D51EA331F73157791CD98361A65C0AAC7C1B2751E792C797D0C4F196E2B200AF11CAF5A8195894819A98DF7AA3559C95C76DB9BB8280A8CCF84E45454
Malicious:	false
Reputation:	unknown
URL:	https://static.zdassets.com/hc/assets/theming_v1_support-e05586b61178dcde2a13a3d323525a18.css
Preview:	/! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inheri

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1048
Entropy (8bit):	6.616207743795483
Encrypted:	false
SSDEEP:
MD5:	C1662F4109C5D5FCAA59F15E1CE69570
SHA1:	D1B303A0CBC2C2B58CFC1C204DF7DB3AA71D721E
SHA-256:	ED2F558F594604161F2B2A37F5A5A3B198F48FB707F64CFA5C83E5E48A1DA131
SHA-512:	044CF7EC86CC6F2E2D91DEB9CB45DCB9EB25251FCDFA984729B64B51C29B907F8A1FAECA00A218F5AFCC086562CEA2E8923EAE614D53BE3B0424A6A98C0A06B2
Malicious:	false
Reputation:	unknown
URL:	https://support.twilio.com/hc/theming_assets/01HZPBC50YEDHX0JDBHPJWPVPX
Preview:	.PNG........IHDR... ... .....D.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&..&......P...TtRNS..c.........+.8.._I.-.A................=&!B......[.FD.$ok.jp%"g.fXZ...,/.........L......bKGDU...3....pHYs...H...H.F.k>....tIME.....57......yIDAT8.Si[.0......66.....B../......-&-...O.ai.dI.-.4M7..c1..5X...`..V\|)l;I.`I..Si.b..<...,.z..9..f.."..f@.....6....=.!.".ph],-N]..p~4.......$...b..Z%\..l..f..]..P?.'..[.l..o @.&4.i..>..=....y..........G......uqWn.~...6.rqa....h....g...c...0....9...+N.zp3.O.H.hp;&?..."...=....?..{.....H...y&..!.h.Wh.z.BiS.^.PR...?.....).<.zm....P..L~...R.........................=.,...%tEXtdate:create.2018-06-20T15:53:55+00:00.B.....%tEXtdate:modify.2018-06-20T15:53:55+00:00..>@.

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3712), with no line terminators
Category:	dropped
Size (bytes):	3712
Entropy (8bit):	5.212709096750888
Encrypted:	false
SSDEEP:
MD5:	C3B6AEBB4BB6348BDBC97877D611B398
SHA1:	0BF1D1278DE8F728F01878C5B1C9EBCB8B63F341
SHA-256:	B0A5EDA93203F5017626940664FF4C6885F1989B4DF80EF250567F0808C5CD2D
SHA-512:	533684A7CB43C0D7E5CF6E14584B9402C7283C028C62296EFFD6B476DADC2D723A8031843BD84A433B591B378C32C11CDFCDE8486FCC9F80CD77A7AB890A76EE
Malicious:	false
Reputation:	unknown
Preview:	(()=>{var t={78:(t,e,r)=>{var n=r(427);t.exports=function(t,e){if(!t)throw new Error("Missing elm");var r={};return(e\|\|[]).forEach((function(e){var o="data-"+n(e),i=t.getAttribute(o);/^(true\|false)$/.test(i)&&(i="true"===i),/^\d+$/.test(i)&&(i=parseInt(i,10)),null!==i&&(r[e]=i)})),r}},427:t=>{t.exports=function(t){return(t\|\|"").replace(/([A-Z])/g,(function(t){return"-".concat(t.toLowerCase())}))}},462:t=>{t.exports=function(t){return(t\|\|"").replace(/([A-Z])/g,(function(t){return"_".concat(t.toLowerCase())}))}},54:(t,e,r)=>{function n(t,e){var r=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),r.push.apply(r,n)}return r}function o(t){for(var e=1;e<arguments.length;e++){var r=null!=arguments[e]?arguments[e]:{};e%2?n(Object(r),!0).forEach((function(e){i(t,e,r[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(r)):n(Obje

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Category:	downloaded
Size (bytes):	76995
Entropy (8bit):	5.309548700197668
Encrypted:	false
SSDEEP:
MD5:	83BF6A8F4730E09AF882DE79A36CF340
SHA1:	8C8293FC4D12665AA9E3FF675521C53927D8E165
SHA-256:	87EC6E18534F2C5F676C478BE1331AEB19FB997FED06490041FC1C1191F8FF46
SHA-512:	BF81C2915E4B136D011E63825FCE1F4C158920A7AB75882857A677F45B1417EDE49D03497E8BCC345487D8ED6347F5B8CCF580DC248EF632DECA1C24A1B4AB5B
Malicious:	false
Reputation:	unknown
URL:	https://static.zdassets.com/hc/assets/jquery-09d07e20ce042ef10e301661ad1f316c.js
Preview:	!function(e,t){function n(e,t){return t.toUpperCase()}function r(e){!s.addEventListener&&"load"!==e.type&&"complete"!==s.readyState\|\|(q(),w.ready())}var i,o,a=typeof t,s=e.document,u=e.location,l=e.jQuery,c=e.$,f={},p=[],d="1.9.1",h=p.concat,g=p.push,m=p.slice,y=p.indexOf,v=f.toString,b=f.hasOwnProperty,x=d.trim,w=function(e,t){return new w.fn.init(e,t,o)},T=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,N=/\S+/g,C=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,k=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,E=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,S=/^[\],:{}\s]$/,A=/(?:^\|:\|,)(?:\s\[)+/g,j=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,D=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,L=/^-ms-/,H=/-([\da-z])/gi,q=function(){s.addEventListener?(s.removeEventListener("DOMContentLoaded",r,!1),e.removeEventListener("load",r,!1)):(s.detachEvent("onreadystatechange",r),e.detachEvent("onload",r))};function M(e){var t=e.length,n=w.type(e);return!w.isWindow(e)&&(!(1!==e.nodeType\|\|!t)\|\|"array"===n\|\|"function"!==n&&(0

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 115

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 125

Chrome Cache Entry: 127

Chrome Cache Entry: 87

Chrome Cache Entry: 89

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Static File Info