Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
(0119)SOA___pay,ment.htm

Overview

General Information

Sample name:(0119)SOA___pay,ment.htm
Analysis ID:1514672
MD5:3847b59ed6840a5c0e25152df4ed5df7
SHA1:fd2b7a5850b1054b13d38f496ec7beaf2d8bb255
SHA256:aacb178426254d904e0363a0675f84dd8898b10a69fe4c279e2cf74a2ff437cb

Detection

HTMLPhisher
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
AI detected phishing page (advanced reasoning)
Detected javascript redirector / loader
Phishing site detected (based on favicon image match)
Phishing site detected (based on image similarity)
Suspicious Javascript code found in HTML file
Detected hidden input values containing email addresses (often used in phishing pages)
Found iframes
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains obfuscated script src
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 5528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\(0119)SOA___pay,ment.htm MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6876 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1948,i,17906471861068635082,894494503509890784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
1.1.id.script.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
    1.1.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
      3.6.id.script.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
        3.4.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
          3.2.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            Phishing

            barindex
            AI detected phishing page
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueLLM: Score: 8 Reasons: The domain name 'icl-indias.com' does not fully match the legitimate domain name 'outlook.com' associated with the identified brand 'Outlook'. The presence of 'icl-indias' in the domain name suggests a partial domain match, which is a common indicator of phishing sites. Additionally, the brand 'Outlook' does not match the associated domain 'icl-indias.com', which further supports the likelihood of a phishing site. DOM: 3.4.pages.csv
            Source: https://icl-indias.com/common/loginLLM: Score: 8 Reasons: The domain name 'icl-indias.com' does not match the brand name or the expected domain for Microsoft Outlook, which is 'outlook.com'. The presence of a hyphen in the domain name and the discrepancy between the brand name and the domain name suggest a phishing attempt. DOM: 9.7.pages.csv
            Yara detected HtmlPhish54
            Source: Yara matchFile source: 1.1.id.script.csv, type: HTML
            Source: Yara matchFile source: 1.1.pages.csv, type: HTML
            Source: Yara matchFile source: 3.6.id.script.csv, type: HTML
            Source: Yara matchFile source: 3.4.pages.csv, type: HTML
            Source: Yara matchFile source: 3.2.pages.csv, type: HTML
            AI detected phishing page (advanced reasoning)
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cLLM: Score: 9 DOM: 3.4.pages.csv
            Source: https://icl-indias.com/common/loginLLM: Score: 10 DOM: 9.7.pages.csv
            Detected javascript redirector / loader
            Source: (0119)SOA___pay,ment.htmHTTP Parser: Low number of body elements: 2
            Phishing site detected (based on favicon image match)
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueMatcher: Template: microsoft matched with high similarity
            Source: https://icl-indias.com/common/loginMatcher: Template: microsoft matched with high similarity
            Phishing site detected (based on image similarity)
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueMatcher: Found strong image similarity, brand: MICROSOFT
            Suspicious Javascript code found in HTML file
            Source: (0119)SOA___pay,ment.htmHTTP Parser: .location
            Source: (0119)SOA___pay,ment.htmHTTP Parser: .location
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: imontejo@cff-inc.com
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
            Source: https://icl-indias.com/common/loginHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: Number of links: 0
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FFHTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://icl-indias.com/common/loginHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: <input type="password" .../> found
            Source: https://icl-indias.com/common/loginHTTP Parser: <input type="password" .../> found
            Source: (0119)SOA___pay,ment.htmHTTP Parser: No favicon
            Source: file:///C:/Users/user/Desktop/(0119)SOA___pay,ment.htmHTTP Parser: No favicon
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FFHTTP Parser: No favicon
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: No favicon
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: No favicon
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: No favicon
            Source: https://icl-indias.com/common/loginHTTP Parser: No favicon
            Source: https://icl-indias.com/common/loginHTTP Parser: No favicon
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://icl-indias.com/common/loginHTTP Parser: No <meta name="author".. found
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1pbW9udGVqbyU0MGNmZi1pbmMuY29tJmNsaWVudC1yZXF1ZXN0LWlkPTY0ZWNkZmRhLWRkZGYtMzI2MC0yOWQ5LTVkZjNiZDdhMzVjNSZwcm90ZWN0ZWR0b2tlbj10cnVlJmNsYWltcz0lN2IlMjJpZF90b2tlbiUyMiUzYSU3YiUyMnhtc19jYyUyMiUzYSU3YiUyMnZhbHVlcyUyMiUzYSU1YiUyMkNQMSUyMiU1ZCU3ZCU3ZCU3ZCZub25jZT02Mzg2MjQ1NTkzODU3MDY0OTYuODJkZTkwMTktZDRlNS00Yzc0LWFiNzUtOGFmOGJhZjcwNzRlJnN0YXRlPURjdEJEc0lnRUVCUjBMTVlWN1JqTzhNTUM5T2pOSlNDWWl5emFlTDFaZkgtN2x0anpMVzdkQlo2RFB0Wl9JUkVZUlppOEJqOElOT2VBenlDMnpHVHc4VG80c2JrSkJiWlltRmd6TGFfOTFGX2NWeS0tcXB0ZmRkMlB1dWg3Y3dmdlNHa1VseHRhVWg2X0FF&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://icl-indias.com/common/loginHTTP Parser: No <meta name="copyright".. found
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49728 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49734 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49740 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49773 version: TLS 1.2
            Source: chrome.exeMemory has grown: Private usage: 1MB later: 30MB
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
            Source: global trafficDNS traffic detected: DNS query: sandsbrokeageinc.com
            Source: global trafficDNS traffic detected: DNS query: icl-indias.com
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
            Source: global trafficDNS traffic detected: DNS query: outlook.office365.com
            Source: global trafficDNS traffic detected: DNS query: r4.res.office365.com
            Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
            Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49728 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49734 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49740 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49773 version: TLS 1.2
            Source: classification engineClassification label: mal76.phis.winHTM@16/28@16/115
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\(0119)SOA___pay,ment.htm
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1948,i,17906471861068635082,894494503509890784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1948,i,17906471861068635082,894494503509890784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire Infrastructure1
            Drive-by Compromise            		Windows Management Instrumentation1
            Registry Run Keys / Startup Folder            		1
            Process Injection            		1
            Masquerading            		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Registry Run Keys / Startup Folder            		1
            Process Injection            		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            Extra Window Memory Injection            		1
            Extra Window Memory Injection            		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            No Antivirus matches

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            file:///C:/Users/user/Desktop/(0119)SOA___pay,ment.htm0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            ooc-g2.tm-4.office.com
            		52.98.171.242
            		truefalse
              		unknown
              sandsbrokeageinc.com
              		212.18.104.137
              		truefalse
                		unknown
                sni1gl.wpc.omegacdn.net
                		152.199.21.175
                		truefalse
                  		unknown
                  s-part-0017.t-0009.fb-t-msedge.net
                  		13.107.253.45
                  		truefalse
                    		unknown
                    www.google.com
                    		216.58.206.36
                    		truefalse
                      		unknown
                      icl-indias.com
                      		212.18.104.137
                      		truetrue
                        		unknown
                        r4.res.office365.com
                        		unknown
                        		unknownfalse
                          		unknown
                          aadcdn.msftauth.net
                          		unknown
                          		unknownfalse
                            		unknown
                            outlook.office365.com
                            		unknown
                            		unknownfalse
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              https://icl-indias.com/common/logintrue
                                		unknown
                                file:///C:/Users/user/Desktop/(0119)SOA___pay,ment.htmtrue
                                • Avira URL Cloud: safe
                                		unknown

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                142.250.185.67
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                1.1.1.1
                                		unknownAustralia
                                		13335CLOUDFLARENETUSfalse
                                52.98.171.242
                                		ooc-g2.tm-4.office.comUnited States
                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                212.18.104.137
                                		sandsbrokeageinc.comunknown
                                		8687PPP-ASDEtrue
                                74.125.71.84
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                142.250.185.227
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                216.58.206.36
                                		www.google.comUnited States
                                		15169GOOGLEUSfalse
                                216.58.206.46
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                142.250.185.170
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                239.255.255.250
                                		unknownReserved
                                		unknownunknownfalse
                                40.126.31.67
                                		unknownUnited States
                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                152.199.21.175
                                		sni1gl.wpc.omegacdn.netUnited States
                                		15133EDGECASTUSfalse
                                142.250.184.206
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                23.38.98.96
                                		unknownUnited States
                                		16625AKAMAI-ASUSfalse

                                Private

                                IP
                                192.168.2.17
                                192.168.2.16

                                General Information

                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1514672
                                Start date and time:2024-09-20 21:05:05 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:13
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • EGA enabled
                                Analysis Mode:stream
                                Analysis stop reason:Timeout
                                Sample name:(0119)SOA___pay,ment.htm
                                Detection:MAL
                                Classification:mal76.phis.winHTM@16/28@16/115
                                Cookbook Comments:
                                • Found application associated with file extension: .htm

                                Warnings

                                • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.184.206, 74.125.71.84, 34.104.35.123, 217.20.57.34
                                • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
                                • Not all processes where analyzed, report is missing behavior information
                                • VT rate limit hit for: (0119)SOA___pay,ment.htm

                                LLM Input / Output

                                InputOutput
                                URL: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291c Model: jbxai
                                {
"brand":["Globi"],
"contains_trigger_text":true,
"prominent_button_name":"Sign in with another account",
"text_input_field_labels":["Enter password",
"Forgot my password"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                URL: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291c Model: jbxai
                                {
"brand":["Microsoft"],
"contains_trigger_text":false,
"prominent_button_name":"Sign in",
"text_input_field_labels":["Enter password",
"Forgot my password",
"Sign in with another account"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                URL: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291c Model: jbxai
                                {
"brand":["Microsoft"],
"contains_trigger_text":false,
"prominent_button_name":"Sign in",
"text_input_field_labels":["Enter password",
"Forgot my password",
"Sign in with another account"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                URL: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291c Model: o1-mini-2024-09-12
                                ```json{  "riskscore": 9,  "legit_domain": "microsoft.com",  "reasons": [    "The provided URL 'icl-indias.com' does not match the legitimate domain of Microsoft ('microsoft.com').",    "'icl-indias.com' is not a recognized domain associated with Microsoft.",    "The domain structure and elements of the URL differ significantly from Microsoft's official website.",    "Possible phishing attempt due to mismatch between brand name and URL domain."  ]}
                                URL: icl-indias.com Brand: Microsoft
                                URL: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291c Model: jbxai
                                {
"phishing_score":8,
"brands":["Outlook",
"Microsoft"],
"sub_domain":"icl-indias",
"legit_domain":"outlook.com",
"partial_domain_match":true,
"brand_matches_associated_domain":false,
"reasons":"The domain name 'icl-indias.com' does not fully match the legitimate domain name 'outlook.com' associated with the identified brand 'Outlook'. The presence of 'icl-indias' in the domain name suggests a partial domain match,
 which is a common indicator of phishing sites. Additionally,
 the brand 'Outlook' does not match the associated domain 'icl-indias.com',
 which further supports the likelihood of a phishing site.",
"brand_matches":[false,
false],
"url_match":false}
                                URL: https://icl-indias.com/?yd5622oj7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291c Model: jbxai
                                {
"brand":["Outlook"],
"contains_trigger_text":false,
"prominent_button_name":"Sign in",
"text_input_field_labels":["Enter password",
"Forgot my password",
"Sign in with another account"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                URL: https://icl-indias.com/common/login Model: jbxai
                                {
"brand":["Microsoft"],
"contains_trigger_text":false,
"prominent_button_name":"Sign in",
"text_input_field_labels":["Enter password",
"Forgot my password",
"Sign in with another account"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                URL: https://icl-indias.com/common/login Model: jbxai
                                {
"brand":["Microsoft"],
"contains_trigger_text":false,
"prominent_button_name":"Sign in",
"text_input_field_labels":["Enter password",
"Password",
"Forgot my password",
"Sign in with another account"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                URL: https://icl-indias.com/common/login Model: o1-mini-2024-09-12
                                ```json{  "riskscore": 10,  "legit_domain": "microsoft.com",  "reasons": [    "URL domain does not match the legitimate Microsoft domain.",    "URL contains unrelated identifiers ('icl-indias').",    "No common association found between 'icl-indias.com' and Microsoft."  ]}
                                URL: icl-indias.com Brand: Microsoft
                                URL: https://icl-indias.com/common/login Model: jbxai
                                {
"phishing_score":8,
"brands":["Microsoft"],
"sub_domain":"icl-indias",
"legit_domain":"outlook.com",
"partial_domain_match":true,
"brand_matches_associated_domain":false,
"reasons":"The domain name 'icl-indias.com' does not match the brand name or the expected domain for Microsoft Outlook,
 which is 'outlook.com'. The presence of a hyphen in the domain name and the discrepancy between the brand name and the domain name suggest a phishing attempt.",
"brand_matches":[false],
"url_match":false}

                                Created / dropped Files

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 18:05:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2673
                                Entropy (8bit):3.987332537485723
                                Encrypted:false
                                SSDEEP:
                                MD5:4414EAA085E6B01568B22E811F0E0B66
                                SHA1:961FD07D6189C9D065B2696AE591378364CECE44
                                SHA-256:029CE0713E503F3FF056B83D43EC350FC4B550CED306E8F7B4C095CACAD9A12B
                                SHA-512:5CFB3CE818D3165FDBED65E3B207211A2297866367F5030A91E96D084C62154E2A93957050EEBA93D37E95A9CD77DECF2D18A0D9F3572B51BE509E99AF450CF9
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j.u......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 18:05:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2675
                                Entropy (8bit):4.001661717453684
                                Encrypted:false
                                SSDEEP:
                                MD5:2763CE54B3C08E343DD64930B3000F18
                                SHA1:CE45FB7F536146A93794A5B6BFFF588E585EF05F
                                SHA-256:EE1AC6F0AC7C39752639449DAA731F245F6CDD03C607CECCCBB0717234BBB934
                                SHA-512:8EAE8F94DBB67F65F04B891E9F207F115F6786258D9CBA8F9625B7A0256AA593E0DD4C2F041AA3502C925A4E0E8463848191E02696609DAEE6EF7357F202B035
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....7.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j.u......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2689
                                Entropy (8bit):4.011316812778839
                                Encrypted:false
                                SSDEEP:
                                MD5:06D40305ED9A64BE53795F851BA98828
                                SHA1:34E4FA29F3A1B0DE2628801CDF2C71B604952F8D
                                SHA-256:9EEBDF772E04516C6D2A26EC31184B280DC44709B5A5010D417119837C79B113
                                SHA-512:15C4F1E7B90EA04D89E4D10DF47BDE17C6FD6FE387E7F015A678A82904D78B7A6F663766411AC850F3BCF6488E177344C6FB25DB81B31B1D33A309074E2D067A
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j.u......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 18:05:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):4.001845950309161
                                Encrypted:false
                                SSDEEP:
                                MD5:533CE9A553A51A4B06C337951AC5EEDC
                                SHA1:4DEEF2B9A9FE79CD6F373802425D3510876DDD8A
                                SHA-256:B3F8F22422D098AF999DD4927ABAFA0D7676CE3B4CB866D715A8680953E5C6A0
                                SHA-512:BE258B8C303F6B4CB31B219B58A901788F910609C61270D87E4D9830BA5CDA8532BD9F2046BAD95091EBFB62D56D9001BD97614488FEF50ABEB7FA3519702CC3
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j.u......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 18:05:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):3.9911203538225495
                                Encrypted:false
                                SSDEEP:
                                MD5:02CDA5C089D5B9E7FA32511F8B3389E0
                                SHA1:C90CEFB703B6197B289F574A1EB69081D0796290
                                SHA-256:A23C84989DA2334F922E5F247C981729AD62C522199F6B850985189CCE38A702
                                SHA-512:B20E5864C091630EA0513E54AEA8AC6A360AA5C62EEE7AEDAB9D877992F9C3ED923D767DE831AACC39B1ABC03727B2BE8EFF8A05FF39D80E16E5F61E7B53DDE8
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j.u......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 18:05:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2679
                                Entropy (8bit):3.998284592914172
                                Encrypted:false
                                SSDEEP:
                                MD5:043E22E80F575C435A29FA3526A8D1EC
                                SHA1:41892A620BFF27ECF7E6E7547F36A166E82705D2
                                SHA-256:1CA6E4761D83EF1CDFED25398DECA318D5C11831B424070229C94C0C6B7099C9
                                SHA-512:ADF9AD2DB3905873B9F4427B813E601DB9E3338DAD61A707A5143D33A666A46A1F94A014DA4DEFD9DFFB46DF7402D23533B58DEA4698F3BC8840D400FEC59018
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........j.u......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                Chrome Cache Entry: 101

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with no line terminators
                                Category:downloaded
                                Size (bytes):28
                                Entropy (8bit):4.164497779200461
                                Encrypted:false
                                SSDEEP:
                                MD5:17C4BD96DCB397D1D62D24921BC4FEBA
                                SHA1:2C0F2AFF858069D582A97867B183EBD5DC8A9FCB
                                SHA-256:3549DBC06BDD994A38C9A29AECD7E8F9577E2150D15F8D6B0533B4D250666514
                                SHA-512:9659C4D5B7EF0C852428D3AE8A8EE816438E268E4537FFA70823C9CB2C240252E6D9E863B2AE95F39397172EEFAAA73541123DC9255C9B37FC9437C655F55A78
                                Malicious:false
                                Reputation:unknown
                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlbvH3chKxlMxIFDU9-u70SBQ1Xevf9?alt=proto
                                Preview:ChIKBw1Pfru9GgAKBw1Xevf9GgA=

                                Chrome Cache Entry: 102

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:SVG Scalable Vector Graphics image
                                Category:downloaded
                                Size (bytes):3651
                                Entropy (8bit):4.094801914706141
                                Encrypted:false
                                SSDEEP:
                                MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                Malicious:false
                                Reputation:unknown
                                URL:https://icl-indias.com/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
                                Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

                                Chrome Cache Entry: 104

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:GIF image data, version 89a, 352 x 3
                                Category:dropped
                                Size (bytes):3620
                                Entropy (8bit):6.867828878374734
                                Encrypted:false
                                SSDEEP:
                                MD5:B540A8E518037192E32C4FE58BF2DBAB
                                SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                Malicious:false
                                Reputation:unknown
                                Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...

                                Chrome Cache Entry: 105

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
                                Category:downloaded
                                Size (bytes):5139
                                Entropy (8bit):7.865234009830226
                                Encrypted:false
                                SSDEEP:
                                MD5:8B36337037CFF88C3DF203BB73D58E41
                                SHA1:1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E
                                SHA-256:E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
                                SHA-512:97D8CC97C4577631D8D58C0D9276EE55E4B80128080220F77E01E45385C20FE55D208122A8DFA5DADCB87543B1BC291B98DBBA44E8A2BA90D17C638C15D48793
                                Malicious:false
                                Reputation:unknown
                                URL:https://icl-indias.com/aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
                                Preview:.PNG........IHDR...V...H.............tEXtSoftware.Adobe ImageReadyq.e<...%iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:DB120779422011EA9888910153D3A5E6" xmpMM:DocumentID="xmp.did:DB12077A422011EA9888910153D3A5E6"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB120777422011EA9888910153D3A5E6" stRef:documentID="xmp.did:DB120778422011EA9888910153D3A5E6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>P.WI....IDATx..]]l.......(.5.K0P..0...E.qT..J X)F.(5X....J.}(m.R5.Q...RUEUPU~.....qp@.b......L...k.m"0......"c.3

                                Chrome Cache Entry: 107

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                Category:downloaded
                                Size (bytes):659798
                                Entropy (8bit):5.352921769071548
                                Encrypted:false
                                SSDEEP:
                                MD5:9786D38346567E5E93C7D03B06E3EA2D
                                SHA1:23EF8C59C5C9AA5290865933B29C9C56AB62E3B0
                                SHA-256:263307E3FE285C85CB77CF5BA69092531CE07B7641BF316EF496DCB5733AF76C
                                SHA-512:4962CDF483281AB39D339A7DA105A88ADDB9C210C9E36EA5E36611D7135D19FEC8B3C9DBA3E97ABB36D580F194F1860813071FD6CBEDE85D3E88952D099D6805
                                Malicious:false
                                Reputation:unknown
                                URL:https://r4.res.office365.com/owa/prem/15.20.7982.21/scripts/boot.worldwide.1.mouse.js
                                Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.1.mouse.js'] = (new Date()).getTime();..;_a.d.G=function(n,t){this.b=n;this.a=t};_a.d.G.prototype={b:0,a:0};_a.fo=function(n){this.s=n};_a.fo.prototype={s:null,t:null,i:function(){return this.s.currentTarget},e:function(){return this.t?this.t.x:this.s.pageX},f:function(){return this.t?this.t.y:this.s.pageY},o:function(){return this.s.relatedTarget},b:function(){return this.s.target},n:function(){return this.s.timeStamp||+new Date},a:function(){var n=this.s.which;!n&&_a.o.a().K&&this.s.type==="keypress"&&(n=this.u());return n},u:function(){return this.s.keyCode},m:function(){return this.s.originalEvent},j:function(){return this.s.type},k:function(){return this.s.originalEvent.touches},q:function(){return this.s.isDefaultPrevented()},g:function(){return this.s.shiftKey},h:function(){return _j.G.a().P?this.s.metaKey:this.s.ctrlKey},l:

                                Chrome Cache Entry: 108

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
                                Category:downloaded
                                Size (bytes):663451
                                Entropy (8bit):5.3635307555313165
                                Encrypted:false
                                SSDEEP:
                                MD5:761CE9E68C8D14F49B8BF1A0257B69D6
                                SHA1:8CF5D714D35EFFA54F3686065CB62CCE028E2C77
                                SHA-256:BEAA65AD34340E61E9E701458E2CCFF8F9073FDEBBC3593A2C7EC8AFEACB69C1
                                SHA-512:CEC948666FBA0F56D3DA27A931033C3A581C9C00FEC4D3DDCF41324525B5B5321AE3AB89581ECC7F497DE85EF684AB277C8A2DB393D526416CEB76C91A1B9263
                                Malicious:false
                                Reputation:unknown
                                URL:https://r4.res.office365.com/owa/prem/15.20.7982.23/scripts/boot.worldwide.0.mouse.js
                                Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.0.mouse.js'] = (new Date()).getTime();../* Empty file */;Function.__typeName="Function";Function.__class=!0;Function.createCallback=function(n,t){return function(){var r=arguments.length;if(r>0){for(var u=[],i=0;i<r;i++)u[i]=arguments[i];u[r]=t;return n.apply(this,u)}return n.call(this,t)}};Function.prototype.bind=Function.prototype.bind||function(n){if(typeof this!="function")throw new TypeError("bind(): we can only bind to functions");var u=Array.prototype.slice.call(arguments,1),r=this,t=function(){},i=function(){return r.apply(this instanceof t?this:n,u.concat(Array.prototype.slice.call(arguments)))};this.prototype&&(t.prototype=this.prototype);i.prototype=new t;return i};Function.createDelegate=function(n,t){return function(){return t.apply(n,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Error.__typeNam

                                Chrome Cache Entry: 109

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (32960)
                                Category:dropped
                                Size (bytes):109863
                                Entropy (8bit):5.310477442235456
                                Encrypted:false
                                SSDEEP:
                                MD5:46C21D0ACECBD2212374B27C7D1B078A
                                SHA1:5861965E506ACAAA7D10E5B9C31E99D254B85560
                                SHA-256:5F5FBEE72883732799D75F6C08679ED8A6E769AE4F3AFDCD3721103A481AFA80
                                SHA-512:B7E4980A66F15A8B918C2325CDC5FC41BADD0DEF7A43B2A2A93C593D05FC2ED4793448115DCC28B551F73623D876DB2B4672D64C3EE064369181FB74919FFC51
                                Malicious:false
                                Reputation:unknown
                                Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[7],{496:function(e,t,n)

                                Chrome Cache Entry: 110

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JSON data
                                Category:downloaded
                                Size (bytes):327
                                Entropy (8bit):5.678363661723327
                                Encrypted:false
                                SSDEEP:
                                MD5:F1959F9D05694E96D451A5A9591147EB
                                SHA1:605990E73B5B18978D79782E1D5B20F5C0C8FDA1
                                SHA-256:41BC261B10D0EB1A1F042E054F1A83B65B307557DE252C291068F6F6A22521E5
                                SHA-512:B122D824E495B3545D19E5A7D3F3504459FCFC3AB34A2A7567FE857908F8709C64291BF06F1E5AF162826F0E94B05CBA00B58137866F66A864957F2EC9BBA2A9
                                Malicious:false
                                Reputation:unknown
                                URL:https://sandsbrokeageinc.com/?gducltto&qrc=imontejo@cff-inc.com
                                Preview:{"url":"https://icl-indias.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2ljbC1pbmRpYXMuY29tLyIsImRvbWFpbiI6ImljbC1pbmRpYXMuY29tIiwia2V5Ijoib0k2TklxN0FyeklZIiwicXJjIjoiaW1vbnRlam9AY2ZmLWluYy5jb20iLCJpYXQiOjE3MjY4NTkxMzYsImV4cCI6MTcyNjg1OTI1Nn0.lv3Vm3LI2CuNvuep6TFVGMYWjTpmFb3EBvk0BBJYzZM","frame":true}

                                Chrome Cache Entry: 111

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
                                Category:downloaded
                                Size (bytes):3452
                                Entropy (8bit):5.117912766689607
                                Encrypted:false
                                SSDEEP:
                                MD5:CB06E9A552B197D5C0EA600B431A3407
                                SHA1:04E167433F2F1038C78F387F8A166BB6542C2008
                                SHA-256:1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
                                SHA-512:1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
                                Malicious:false
                                Reputation:unknown
                                URL:https://login.live.com/Me.htm?v=3
                                Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.

                                Chrome Cache Entry: 112

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced
                                Category:downloaded
                                Size (bytes):132
                                Entropy (8bit):4.945787382366693
                                Encrypted:false
                                SSDEEP:
                                MD5:3EDA15637AFEAC6078F56C9DCC9BBDB8
                                SHA1:97B900884183CB8CF99BA069EEDC280C599C1B74
                                SHA-256:68C66D144855BA2BC8B8BEE88BB266047367708C1E281A21B9D729B1FBD23429
                                SHA-512:06B21827589FCAF63B085DB2D662737B24A39A697FF9138BDF188408647C3E90784B355F2B8390160CA487992C033CE735599271EE35873E1941812AB6C34B52
                                Malicious:false
                                Reputation:unknown
                                URL:https://r4.res.office365.com/owa/prem/15.20.7982.21/resources/images/0/sprite1.mouse.png
                                Preview:.PNG........IHDR...X..........x......sRGB.........gAMA......a.....pHYs..........o.d....IDATHK..1......Om.O ...j.a...\BW....IEND.B`.

                                Chrome Cache Entry: 113

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (61177)
                                Category:downloaded
                                Size (bytes):113401
                                Entropy (8bit):5.284985933216009
                                Encrypted:false
                                SSDEEP:
                                MD5:41955034BB6BC6963DF5A8ECA72C5B81
                                SHA1:D4B9E8C46100BDDACE8DFA08BDFF1F6F3D3B0A81
                                SHA-256:1F8CEB44FE7CFCF7E71DBD5122210335CA3821D697A851D2900B95AF7D92D69D
                                SHA-512:A52DF8961AC9964DE5202A52B4C38242368DC8898593BF3E8B3AFD3FC77C2C12FE72F27BB410DD4F7498643B69EEEFCCA1A566371E211F874C0BE22CF7E2A4E8
                                Malicious:false
                                Reputation:unknown
                                URL:https://icl-indias.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
                                Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person

                                Chrome Cache Entry: 115

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:GIF image data, version 89a, 352 x 3
                                Category:downloaded
                                Size (bytes):2672
                                Entropy (8bit):6.640973516071413
                                Encrypted:false
                                SSDEEP:
                                MD5:166DE53471265253AB3A456DEFE6DA23
                                SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                Malicious:false
                                Reputation:unknown
                                URL:https://icl-indias.com/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
                                Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..

                                Chrome Cache Entry: 120

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (23234)
                                Category:downloaded
                                Size (bytes):24207
                                Entropy (8bit):5.2347649587378795
                                Encrypted:false
                                SSDEEP:
                                MD5:6026206DA394ABD5252E0A5C87DD3B00
                                SHA1:3F542F42FD19862662C56CB29EB4BDD68A0622D9
                                SHA-256:08D2BCF4ED2AE7BC7C9A84831B73FB511B904A3232A5C9C9E1915AF000583A81
                                SHA-512:38A363B5FA541C9796604CD05201486BFAE63CD6461EF8B7AF5CAAD13556441D67CC39156842296070C014B30E4343A767B5B73C8DD4EC81511F8D0C5FEAA2C0
                                Malicious:false
                                Reputation:unknown
                                URL:https://icl-indias.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_f7b06b70c72b4590b779.js
                                Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[24],{464:function(e,n,t

                                Chrome Cache Entry: 87

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (994), with no line terminators
                                Category:downloaded
                                Size (bytes):994
                                Entropy (8bit):4.934955158256183
                                Encrypted:false
                                SSDEEP:
                                MD5:E2110B813F02736A4726197271108119
                                SHA1:D7AC10CC425A7B67BF16DDA0AAEF1FEB00A79857
                                SHA-256:6D1BE7ED96DD494447F348986317FAF64728CCF788BE551F2A621B31DDC929AC
                                SHA-512:E79CF6DB777D62690DB9C975B5494085C82E771936DB614AF9C75DB7CE4B6CA0A224B7DFB858437EF1E33C6026D772BE9DBBB064828DB382A4703CB34ECEF1CF
                                Malicious:false
                                Reputation:unknown
                                URL:https://r4.res.office365.com/owa/prem/15.20.7982.21/resources/images/0/sprite1.mouse.css
                                Preview:.image-loading_blackbg-gif{background:url('loading_blackbg.gif');width:16px;height:16px}.image-loading_whitebg-gif{background:url('loading_whitebg.gif');width:16px;height:16px}.image-thinking16_blue-gif{background:url('thinking16_blue.gif');width:16px;height:16px}.image-thinking16_grey-gif{background:url('thinking16_grey.gif');width:16px;height:16px}.image-thinking16_white-gif{background:url('thinking16_white.gif');width:16px;height:16px}.image-thinking24-gif{background:url('thinking24.gif');width:24px;height:24px}.image-thinking32_blue-gif{background:url('thinking32_blue.gif');width:32px;height:32px}.image-thinking32_grey-gif{background:url('thinking32_grey.gif');width:32px;height:32px}.image-thinking32_white-gif{background:url('thinking32_white.gif');width:32px;height:32px}.image-clear1x1-gif{width:1px;height:1px;background:url('sprite1.mouse.png') -0 -0}.csimg{padding:0;border:none;background-repeat:no-repeat;-webkit-touch-callout:none}span.csimg{-ms-high-contrast-adjust:none}

                                Chrome Cache Entry: 88

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                Category:downloaded
                                Size (bytes):232394
                                Entropy (8bit):5.54543362321178
                                Encrypted:false
                                SSDEEP:
                                MD5:AF8D946B64D139A380CF3A1C27BDBEB0
                                SHA1:C76845B6FFEAF14450795C550260EB618ABD60AB
                                SHA-256:37619B16288166CC76403F0B7DF6586349B2D5628DE00D5850C815D019B17904
                                SHA-512:C5CFB514F993310676E834C8A5477576BD57C82A8665387F9909BA0D4C3C2DE693E738ACAA74E7B4CA20894EA2FEEA5CF9A2428767D03FE1DE9C84538FDC3EE9
                                Malicious:false
                                Reputation:unknown
                                URL:https://r4.res.office365.com/owa/prem/15.20.7982.21/resources/styles/0/boot.worldwide.mouse.css
                                Preview:.feedbackList{-webkit-animation-duration:.17s;-moz-animation-duration:.17s;animation-duration:.17s;-webkit-animation-name:feedbackListFrames;-moz-animation-name:feedbackListFrames;animation-name:feedbackListFrames;-webkit-animation-fill-mode:both;-moz-animation-fill-mode:both;animation-fill-mode:both}@-webkit-keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-webkit-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@-moz-keyframes feedbackListFrames{from{-moz-transform:scale(1,1);transform:scale(1,1);-moz-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-moz-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);-moz-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,

                                Chrome Cache Entry: 89

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:Unicode text, UTF-8 text, with very long lines (32009)
                                Category:downloaded
                                Size (bytes):57443
                                Entropy (8bit):5.372940573746363
                                Encrypted:false
                                SSDEEP:
                                MD5:D580777BB3A28B94F6F1D18EE17AEDA3
                                SHA1:E78833A2DB1AA97DA3F4A1994E6AF1F0D74D7CC7
                                SHA-256:81188E8A76162C79DB4A5C10AC933C9E874C5B9EAE10E47956AD9DF704E01B28
                                SHA-512:E3F5FFE3E7E54A7D640DF3BC06D336C9F936635D2594159B3EA5EDAEFBA6D6774060A532E0CBE0664FDC65806BD53E9BFC19C11F7946A5E157A9EC935C564378
                                Malicious:false
                                Reputation:unknown
                                URL:https://icl-indias.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
                                Preview:!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(5),r=i(6),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand

                                Chrome Cache Entry: 90

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                Category:downloaded
                                Size (bytes):662286
                                Entropy (8bit):5.315860951951661
                                Encrypted:false
                                SSDEEP:
                                MD5:12204899D75FC019689A92ED57559B94
                                SHA1:CCF6271C6565495B18C1CED2F7273D5875DBFB1F
                                SHA-256:39DAFD5ACA286717D9515F24CF9BE0C594DFD1DDF746E6973B1CE5DE8B2DD21B
                                SHA-512:AA397E6ABD4C54538E42CCEDA8E3AA64ACE76E50B231499C20E88CF09270AECD704565BC9BD3B27D90429965A0233F99F27697F66829734FF02511BD096CF030
                                Malicious:false
                                Reputation:unknown
                                URL:https://r4.res.office365.com/owa/prem/15.20.7982.23/scripts/boot.worldwide.2.mouse.js
                                Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.2.mouse.js'] = (new Date()).getTime();.._y.lC=function(){};_y.lC.registerInterface("_y.lC");_y.jw=function(){};_y.jw.registerInterface("_y.jw");_y.lA=function(){};_y.lA.registerInterface("_y.lA");var IDelayedSendEvent=function(){};IDelayedSendEvent.registerInterface("IDelayedSendEvent");var IIsShowingComposeInReadingPaneEvent=function(){};IIsShowingComposeInReadingPaneEvent.registerInterface("IIsShowingComposeInReadingPaneEvent");var ISendFailedO365Event=function(){};ISendFailedO365Event.registerInterface("ISendFailedO365Event");var ISendFailureRemoveO365Event=function(){};ISendFailureRemoveO365Event.registerInterface("ISendFailureRemoveO365Event");_y.gw=function(){};_y.gw.registerInterface("_y.gw");_y.iB=function(){};_y.iB.registerInterface("_y.iB");_y.ih=function(){};_y.ih.registerInterface("_y.ih");_y.jy=function(){};_y.jy.regis

                                Chrome Cache Entry: 92

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, baseline, precision 8, 1920x1080, components 3
                                Category:dropped
                                Size (bytes):17453
                                Entropy (8bit):3.890509953257612
                                Encrypted:false
                                SSDEEP:
                                MD5:7916A894EBDE7D29C2CC29B267F1299F
                                SHA1:78345CA08F9E2C3C2CC9B318950791B349211296
                                SHA-256:D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
                                SHA-512:2180ABE47FBF76E2E0608AB3A4659C1B7AB027004298D81960DC575CC2E912ECCA8C131C6413EBBF46D2AAA90E392EB00E37AED7A79CDC0AC71BA78D828A84C7
                                Malicious:false
                                Reputation:unknown
                                Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

                                Chrome Cache Entry: 93

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                Category:dropped
                                Size (bytes):17174
                                Entropy (8bit):2.9129715116732746
                                Encrypted:false
                                SSDEEP:
                                MD5:12E3DAC858061D088023B2BD48E2FA96
                                SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                Malicious:false
                                Reputation:unknown
                                Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

                                Chrome Cache Entry: 94

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3
                                Category:downloaded
                                Size (bytes):987
                                Entropy (8bit):6.922003634904799
                                Encrypted:false
                                SSDEEP:
                                MD5:E58AAFC980614A9CD7796BEA7B5EA8F0
                                SHA1:D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA
                                SHA-256:8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
                                SHA-512:2DAC06596A11263DF1CFAB03EDA26D0A67B9A4C3BAA6FB6129CDBF0A157C648F5B0F5859B5CA689EFDF80F946BF4D854BA2B2C66877C5CE3897D72148741FCC9
                                Malicious:false
                                Reputation:unknown
                                URL:https://icl-indias.com/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
                                Preview:......JFIF.....H.H.....fExif..MM.*.................>...........F.(...........1.........N.......H.......H....paint.net 4.2.9....C....................................................................C.........................................................................2..!............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......[.4..lz.....K.S..p.>.9.r9j..'.\.qrW..mo...X9ZV<./x...EX...m.Prj..A.EtG...K..mr....Lc.T.*8...nlY.V.{6...*R...]..(.y...)^.5V.IVO.W.B.19.R\...f.U.....'..S:..k.6..*).f.n._3*....}.y.8.EusH..y.`.mA...W.}...bL..:..b.<f..(lH#R....v._...........9N~S..

                                Chrome Cache Entry: 95

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                Category:downloaded
                                Size (bytes):660449
                                Entropy (8bit):5.4121922690110535
                                Encrypted:false
                                SSDEEP:
                                MD5:D9E3D2CE0228D2A5079478AAE5759698
                                SHA1:412F45951C6AEDA5F3DF2C52533171FC7BDD5961
                                SHA-256:7041D585609800051E4F451792AEC2B8BD06A4F2D29ED6F5AD8841AAE5107502
                                SHA-512:06700C65BEF4002EBFBFF9D856C12E8D71F408BACA2D2103DDE1C28319B6BD3859FA9D289D8AEB6DD484E802040F6EE537F31F97B4B60A6B120A6882C992207A
                                Malicious:false
                                Reputation:unknown
                                URL:https://r4.res.office365.com/owa/prem/15.20.7982.23/scripts/boot.worldwide.3.mouse.js
                                Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.3.mouse.js'] = (new Date()).getTime();..;_n.a.jR=function(n){return n.dS()};_n.a.jZ=function(n){return n.eh()};_n.a.jP=function(n){return n.cC()};_n.a.jQ=function(n){return n.ca()};_n.a.hZ=function(n){return n.dO};_n.a.jU=function(n){return n.ed()};_n.a.jT=function(n){return n.ea()};_n.a.kb=function(n){return n.ej()};_n.a.hM=function(n){return 300};_n.a.fh=function(n){return n.V};_n.a.jV=function(n){return n.bI()};_n.a.ie=function(n){return n.mh()};_n.a.km=function(n){return n.bl()};_n.a.ka=function(n){return n.ei()};_n.a.ko=function(n){return n.cV()};_n.a.eX=function(n){return _y.E.isInstanceOfType(n)?n.y:null};_n.a.jN=function(n){return n.c()};_n.a.gm=function(n){return n.b()};_n.a.jM=function(n){return n.b()};_n.a.ib=function(n){return n.jM()};_n.a.iq=function(n){return n.bG};_n.a.iX=function(n){return _n.V.isInstanceOfType(n)?n

                                Chrome Cache Entry: 96

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text
                                Category:downloaded
                                Size (bytes):689017
                                Entropy (8bit):4.210697599646938
                                Encrypted:false
                                SSDEEP:
                                MD5:3E89AE909C6A8D8C56396830471F3373
                                SHA1:2632F95A5BE7E4C589402BF76E800A8151CD036B
                                SHA-256:6665CA6A09F770C6679556EB86CF4234C8BDB0271049620E03199B34B4A16099
                                SHA-512:E7DBE4E95D58F48A0C8E3ED1F489DCF8FBF39C3DB27889813B43EE95454DECA2816AC1E195E61A844CC9351E04F97AFA271B37CAB3FC522809CE2BE85CC1B8F0
                                Malicious:false
                                Reputation:unknown
                                URL:https://icl-indias.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js
                                Preview:.!(function (e) {. function n(n) {. for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++). (i = o[s]),. Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]),. (a[i] = 0);. for (t in r) Object.prototype.hasOwnProperty.call(r, t) && (e[t] = r[t]);. for (d && d(n); c.length; ) c.shift()();. }. var t,. i = {},. a = { 22: 0 };. function o(n) {. if (i[n]) return i[n].exports;. var t = (i[n] = { i: n, l: !1, exports: {} });. return e[n].call(t.exports, t, t.exports, o), (t.l = !0), t.exports;. }. Function.prototype.bind ||. ((t = Array.prototype.slice),. (Function.prototype.bind = function (e) {. if ("function" != typeof this). throw new TypeError(. "Function.prototype.bind - what is trying to be bound is not callable". );. var n = t.call(arguments, 1),. i = n.length,. a = this,. o = function () {},. r = function () {. return (.

                                Static File Info

                                General

                                File type:HTML document, ASCII text, with CRLF line terminators
                                Entropy (8bit):5.364492803315853
                                TrID:
                                • HyperText Markup Language (15015/1) 17.56%
                                • HyperText Markup Language with DOCTYPE (12503/2) 14.62%
                                • HyperText Markup Language (12001/1) 14.03%
                                • HyperText Markup Language (12001/1) 14.03%
                                • HyperText Markup Language (11501/1) 13.45%
                                File name:(0119)SOA___pay,ment.htm
                                File size:3'141 bytes
                                MD5:3847b59ed6840a5c0e25152df4ed5df7
                                SHA1:fd2b7a5850b1054b13d38f496ec7beaf2d8bb255
                                SHA256:aacb178426254d904e0363a0675f84dd8898b10a69fe4c279e2cf74a2ff437cb
                                SHA512:9f288c9cac2716838167a190bd192b04327b7fe5b100aaab702fe607a6fc097ebc5b5731007fa891648bfee65717b7732de203b1a566f2dd93379c8ebb44994b
                                SSDEEP:48:ttzJIhxZooZPHnmG1CpeYkDp8rG9B9KXGksEI+h6rcybsC4JmqRHYpnJ0cRf:kkoNHmjg8rAr3jAy0/YpbF
                                TLSH:875186865E4218B09273F77B9DA3C214F82B705B26004371BA4C218B1FB16344AE7FD8
                                File Content Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Please Wait</title>..</head>..<body>..

                                File Icon

                                Icon Hash:173149cccc490307