Windows Analysis Report
https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-

Overview

General Information

Sample URL:https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-
Analysis ID:1532846
Infos:

Detection

HTMLPhisher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
AI detected phishing page (G)
Yara detected HtmlPhish54
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory
URL contains potential PII (phishing indication)

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1720,i,8374593274894758696,2123169348789437923,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 7204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source | Rule | Description | Author | Strings
1.11.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    Phishing

    Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1LLM: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL '680c737c-daa070be.babjeetrading.com' does not match the legitimate domain for Microsoft., The URL contains suspicious elements such as random alphanumeric strings and an unrelated domain 'babjeetrading.com'., The presence of a username input field suggests an attempt to collect sensitive information, which is common in phishing sites. DOM: 2.13.pages.csv
    Source: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au | LLM: Score: 10 Reasons: The URL "0nline.babjeetrading.com" is suspicious. The number "0" is used in place of the letter "o", which is a common tactic used in phishing attacks to mimic legitimate URLs. The domain name "babjeetrading.com" does not appear to be related to Google or reCAPTCHA. The reCAPTCHA brand is owned by Google and is typically associated with the domain "google.com". The presence of only one input field, "I'm not a robot," is insufficient to determine the legitimacy of the site. reCAPTCHA often involves more complex challenges. The usage of a seemingly legitimate brand name like reCAPTCHA on a suspicious domain raises a strong concern for phishing. | DOM: 1.4.pages.csv
    Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1LLM: Score: 10 Reasons: The URL contains a seemingly random subdomain (680c737c-daa070be) which is highly suspicious., The domain 'babjeetrading.com' does not match the typical format of Office 365 login pages., Office 365 is a well-known brand and a common target for phishing attacks., The presence of username and password fields is typical for login pages, which are often imitated in phishing attempts. DOM: 2.13.pages.csv
    Source: Yara match | File source: 1.11.pages.csv, type: HTML
    Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1HTTP Parser: Number of links: 1
    Source: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au | HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]
    Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1HTTP Parser: Title: MLC Life Insurance - Sign In does not match URL
    Source: https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395Sample URL: PII: grant.harpur@mlcinsurance.com.au
    Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1HTTP Parser: Iframe src: https://login-okta.babjeetrading.com/discovery/iframe.html
    Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1HTTP Parser: <input type="password" .../> found
    Source: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au | HTTP Parser: No favicon
    Source: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au | HTTP Parser: No favicon
    Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1HTTP Parser: No favicon
    Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1HTTP Parser: No <meta name="author".. found
    Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1HTTP Parser: No <meta name="copyright".. found
    Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:52082 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.16:52113 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 2.23.209.140:443 -> 192.168.2.16:52117 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:52129 version: TLS 1.2
    Source: global traffic | TCP traffic: 192.168.2.16:52073 -> 1.1.1.1:53
    Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 22:51:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1255 Connection: keep-alive Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g; path=/ Upgrade: h2 Vary: Accept-Encoding Content-Encoding: gzip
    Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 22:51:24 GMT Content-Type: text/css;charset=UTF-8 Content-Length: 7321 Connection: keep-alive Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2 Vary: Accept-Encoding Content-Encoding: gzip
    Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 22:51:24 GMT Content-Type: text/javascript;charset=UTF-8 Content-Length: 420 Connection: keep-alive Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2 Vary: Accept-Encoding Content-Encoding: gzip
    Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 22:51:25 GMT Content-Type: text/javascript;charset=UTF-8 Content-Length: 4860 Connection: keep-alive Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2 Vary: Accept-Encoding Content-Encoding: gzip
    Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 22:51:25 GMT Content-Type: text/javascript;charset=UTF-8 Content-Length: 331 Connection: keep-alive Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2 Vary: Accept-Encoding Content-Encoding: gzip
    Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 22:51:25 GMT Content-Type: text/javascript;charset=UTF-8 Content-Length: 420 Connection: keep-alive Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2 Vary: Accept-Encoding Content-Encoding: gzip
    Source: global traffic HTTP traffic detected: GET /?Mlcinsurance=grant.harpur@mlcinsurance.com.au HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
    Source: global traffic HTTP traffic detected: GET /?_css_main=ok HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,*/*;q=0.1 Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
    Source: global traffic HTTP traffic detected: GET /?_js=asd HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
    Source: global traffic HTTP traffic detected: GET /?_jd=botd HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive Origin: http://aa.ns.agingbydesignministry.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Referer: http://aa.ns.agingbydesignministry.org/?_js=asd Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
    Source: global traffic HTTP traffic detected: GET /?_js_main=12 HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
    Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
    Source: global traffic HTTP traffic detected: GET /?_js=asd HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
    Source: global traffic HTTP traffic detected: GET /?_jd=botd HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
    Source: global traffic HTTP traffic detected: GET /?_js_main=12 HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
    Source: global traffic DNS traffic detected: DNS query: 60ms64xz.r.eu-west-1.awstrack.me
    Source: global traffic DNS traffic detected: DNS query: nym1-ib.adnxs.com
    Source: global traffic DNS traffic detected: DNS query: aa.ns.agingbydesignministry.org
    Source: global traffic DNS traffic detected: DNS query: www.google.com
    Source: global traffic DNS traffic detected: DNS query: 0nline.babjeetrading.com
    Source: global traffic DNS traffic detected: DNS query: 6afe6eac-daa070be.babjeetrading.com
    Source: global traffic DNS traffic detected: DNS query: 7a77ef93-daa070be.babjeetrading.com
    Source: global traffic DNS traffic detected: DNS query: 680c737c-daa070be.babjeetrading.com
    Source: global traffic DNS traffic detected: DNS query: a609b987-daa070be.babjeetrading.com
    Source: global traffic DNS traffic detected: DNS query: login-okta.babjeetrading.com
    Source: unknown HTTP traffic detected: POST /?_red=1 HTTP/1.1 Host: aa.ns.agingbydesignministry.org Connection: keep-alive Content-Length: 5 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://aa.ns.agingbydesignministry.org Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g Data Raw: 68 61 73 68 3d Data Ascii: hash=
    Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sun, 13 Oct 2024 22:51:25 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 277 Connection: keep-alive Server: Apache Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at aa.ns.agingbydesignministry.org Port 80</address></body></html>
    Source: unknown Network traffic detected: HTTP traffic on port 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52155
    Source: unknownNetwork traffic detected: HTTP traffic on port 52082 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52158
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52159
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52160
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52164
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52161
    Source: unknownNetwork traffic detected: HTTP traffic on port 52127 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52153 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52162
    Source: unknownNetwork traffic detected: HTTP traffic on port 52096 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52130 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52115 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52165 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52136 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52167
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52168
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52165
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52166
    Source: unknownNetwork traffic detected: HTTP traffic on port 52101 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52150 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52122 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52147 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52168 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52093 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52112 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52164 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52106 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52088 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52125 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52148 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52119 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52167 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52094 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52159 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52134 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52117 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52142 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52101
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52102
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52106
    Source: unknownNetwork traffic detected: HTTP traffic on port 52085 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52145 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52128 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52131 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52099 -> 443
    Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:52082 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.16:52113 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 2.23.209.140:443 -> 192.168.2.16:52117 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:52129 version: TLS 1.2
    Source: classification engine | Classification label: mal64.phis.win@25/41@36/223
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1720,i,8374593274894758696,2123169348789437923,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
    | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 5 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 6 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

    No Antivirus matches
    | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|---|---|
    | 0nline.babjeetrading.com | 172.236.233.44 | true | true | | unknown |
    | 6afe6eac-daa070be.babjeetrading.com | 172.236.233.44 | true | false | | unknown |
    | 7a77ef93-daa070be.babjeetrading.com | 172.236.233.44 | true | false | | unknown |
    | nym1-ib.adnxs.com | 68.67.179.164 | true | false | | unknown |
    | login-okta.babjeetrading.com | 172.236.233.44 | true | false | | unknown |
    | www.google.com | 142.250.185.164 | true | false | | unknown |
    | baconredirects-elb-1vu8uzbbqecyf-1056340931.eu-west-1.elb.amazonaws.com | 52.210.33.116 | true | false | | unknown |
    | server-38541367.us-east-1.elb.amazonaws.com | 3.211.174.227 | true | false | | unknown |
    | 680c737c-daa070be.babjeetrading.com | 172.236.233.44 | true | true | | unknown |
    | a609b987-daa070be.babjeetrading.com | 172.236.233.44 | true | false | | unknown |
    | aa.ns.agingbydesignministry.org | unknown | unknown | false | | unknown |
    | 60ms64xz.r.eu-west-1.awstrack.me | unknown | unknown | false | | unknown |
    | Name | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|
    | http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au | false | | unknown |
    | http://aa.ns.agingbydesignministry.org/?_js=asd | false | | unknown |
    | https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au | true | | unknown |
    | http://aa.ns.agingbydesignministry.org/?_css_main=ok | false | | unknown |
    | http://aa.ns.agingbydesignministry.org/favicon.ico | false | | unknown |
    | http://aa.ns.agingbydesignministry.org/?_red=1 | false | | unknown |
    | http://aa.ns.agingbydesignministry.org/?_jd=botd | false | | unknown |
    | http://aa.ns.agingbydesignministry.org/?_js_main=12 | false | | unknown |
    | https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 | true | | unknown |
    | IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
    |---|---|---|---|---|---|---|
    | 142.250.184.195 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 142.250.185.67 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 172.236.233.44 | 0nline.babjeetrading.com | United States | | 20940 | AKAMAI-ASN1EU | true |
    | 34.104.35.123 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false |
    | 142.250.186.36 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 216.58.212.131 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 216.58.212.132 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 142.250.186.163 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 142.250.186.174 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 52.210.33.116 | baconredirects-elb-1vu8uzbbqecyf-1056340931.eu-west-1.elb.amazonaws.com | United States | | 16509 | AMAZON-02US | false |
    | 3.211.174.227 | server-38541367.us-east-1.elb.amazonaws.com | United States | | 14618 | AMAZON-AESUS | false |
    | 64.233.166.84 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 142.250.185.170 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
    | 142.250.185.174 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 172.217.23.99 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 142.250.185.164 | www.google.com | United States | | 15169 | GOOGLEUS | false |
    | 142.250.185.131 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 68.67.179.164 | nym1-ib.adnxs.com | United States | | 29990 | ASN-APPNEXUS | false |
    | 172.217.16.195 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 142.250.184.202 | unknown | United States | | 15169 | GOOGLEUS | false |
    | 216.58.212.170 | unknown | United States | | 15169 | GOOGLEUS | false |
                                              IP
                                              192.168.2.16
    Joe Sandbox version: 41.0.0 Charoite
    Analysis ID: 1532846
    Start date and time: 2024-10-14 00:50:50 +02:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: defaultwindowsinteractivecookbook.jbs
    Sample URL: https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed: 17
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • EGA enabled
    Analysis Mode: stream
    Analysis stop reason: Timeout
    Detection: MAL
    Classification: mal64.phis.win@25/41@36/223
                                              • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 184.28.90.27, 142.250.185.67, 142.250.185.174, 64.233.166.84, 34.104.35.123, 142.250.184.202, 216.58.212.131, 142.250.185.170, 142.250.185.106, 142.250.184.234, 172.217.16.138, 216.58.212.138, 216.58.206.42, 142.250.181.234, 142.250.186.106, 142.250.186.42, 142.250.186.74, 142.250.185.202, 142.250.185.74, 172.217.18.10, 142.250.185.234, 142.250.186.138, 142.250.185.138
                                              • Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, clients.l.google.com, prod.fs.microsoft.com.akadns.net
                                              • Not all processes were analyzed, report is missing behavior information
                                              • VT rate limit hit for: https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395
                                              Input | Output
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: gemini-1.5-flash
                                              {
                                              "text": "About this page Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests,
                                               and not a robot. Why did this happen?",
                                               "contains_trigger_text": false,
                                               "trigger_text": "",
                                               "prominent_button_name": "",
                                               "text_input_field_labels": "unknown",
                                               "pdf_icon_visible": false,
                                               "has_visible_qrcode": false,
                                               "has_visible_captcha": false,
                                               "has_urgent_text": false}
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: gemini-1.5-flash
                                              {
                                              "brands": []}
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: gemini-1.5-flash
                                              {
                                              "text": "About this page Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests,
                                               and not a robot. Why did this happen?",
                                               "contains_trigger_text": false,
                                               "trigger_text": "",
                                               "prominent_button_name": "",
                                               "text_input_field_labels": ["I'm not a robot"],
                                               "pdf_icon_visible": false,
                                               "has_visible_qrcode": false,
                                               "has_visible_captcha": true,
                                               "has_urgent_text": false}
                                              Google indexed: False
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: jbxai
                                              {
                                              "brands":[],
                                              "text":"I'm not a robot",
                                              "contains_trigger_text":true,
                                              "trigger_text":"I'm not a robot",
                                              "prominent_button_name":"unknown",
                                              "text_input_field_labels":"unknown",
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":true,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: jbxai
                                              {
                                              "brands":[],
                                              "text":"Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?",
                                              "contains_trigger_text":true,
                                              "trigger_text":"Why did this happen?",
                                              "prominent_button_name":"unknown",
                                              "text_input_field_labels":"unknown",
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":false,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: gemini-1.5-flash
                                              {
                                              "brands": ["reCAPTCHA",
                                               "Google"]}
                                              Google indexed: False
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: jbxai
                                              {
                                              "phishing_score":8,
                                              "brands":"unknown",
                                              "legit_domain":"unknown",
                                              "classification":"unknown",
                                              "reasons":["The brand is marked as 'unknown', and no specific brand can be identified from the URL.",
                                              "The domain '0nline.babjeetrading.com' contains a zero '0' instead of the letter 'o', which is a common tactic used in phishing URLs.",
                                              "The domain 'babjeetrading.com' does not correspond to any well-known brand, making it difficult to verify its legitimacy.",
                                              "The use of '0nline' as a subdomain is suspicious and could be an attempt to mimic legitimate online services.",
                                              "Without a known brand association, it is challenging to determine the legitimacy of the site."],
                                              "brand_matches":[],
                                              "url_match":false,
                                              "brand_input":"unknown",
                                              "input_fields":"unknown"}
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: gemini-1.5-pro-002
                                              {
                                              "legit_domain": "google.com",
                                               "classification": "wellknown",
                                               "reasons": ["The URL \"0nline.babjeetrading.com\" is suspicious. The number \"0\" is used in place of the letter \"o\", which is a common tactic used in phishing attacks to mimic legitimate URLs. The domain name \"babjeetrading.com\" does not appear to be related to Google or reCAPTCHA. The reCAPTCHA brand is owned by Google and is typically associated with the domain \"google.com\". The presence of only one input field, \"I'm not a robot,\" is insufficient to determine the legitimacy of the site.  reCAPTCHA often involves more complex challenges. The usage of a seemingly legitimate brand name like reCAPTCHA on a suspicious domain raises a strong concern for phishing."],
                                               "riskscore": 10}
                                              Google indexed: False
                                              URL: 0nline.babjeetrading.com
                                                          Brands: reCAPTCHA
                                                          Input Fields: I'm not a robot
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: jbxai
                                              {
                                              "brands":[],
                                              "text":"Select all images with bicycles",
                                              "contains_trigger_text":false,
                                              "trigger_text":"",
                                              "prominent_button_name":"VERIFY",
                                              "text_input_field_labels":"unknown",
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":false,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              URL: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au Model: jbxai
                                              {
                                              "brands":[],
                                              "text":"Select all images with I'm not a robot",
                                              "contains_trigger_text":true,
                                              "trigger_text":"I'm not a robot",
                                              "prominent_button_name":"VERIFY",
                                              "text_input_field_labels":"unknown",
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":true,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              URL: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username Model: gemini-1.5-flash
                                              {
                                              "text": "Connecting to Office 365 Sign in with your account to access Microsoft Office 365 Powered by Okta Privacy Policy",
                                               "contains_trigger_text": true,
                                               "trigger_text": "Sign in with your account to access Microsoft Office 365",
                                               "prominent_button_name": "",
                                               "text_input_field_labels": ["unknown"],
                                               "pdf_icon_visible": false,
                                               "has_visible_qrcode": false,
                                               "has_visible_captcha": false,
                                               "has_urgent_text": false}
                                              URL: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username Model: gemini-1.5-flash
                                              {
                                              "text": "Connecting to Office 365 Sign in with your account to access Microsoft Office 365 Username Password Remember me Sign In Need help signing in? Powered by Okta Privacy Policy",
                                               "contains_trigger_text": true,
                                               "trigger_text": "Sign in with your account to access Microsoft Office 365",
                                               "prominent_button_name": "Sign In",
                                               "text_input_field_labels": ["Username",
                                               "Password"],
                                               "pdf_icon_visible": false,
                                               "has_visible_qrcode": false,
                                               "has_visible_captcha": false,
                                               "has_urgent_text": false}
                                              Google indexed: False
                                              URL: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username Model: jbxai
                                              {
                                              "brands":["Microsoft"],
                                              "text":"Connecting to Office 365 Sign in with your account to access Microsoft Office 365",
                                              "contains_trigger_text":false,
                                              "trigger_text":"",
                                              "prominent_button_name":"unknown",
                                              "text_input_field_labels":"unknown",
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":false,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              URL: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username Model: jbxai
                                              {
                                              "brands":["Microsoft"],
                                              "text":"Connecting to Office 365 Sign in with your account to access Microsoft Office 365",
                                              "contains_trigger_text":false,
                                              "trigger_text":"",
                                              "prominent_button_name":"Sign In",
                                              "text_input_field_labels":["Username",
                                              "Password"],
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":false,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              URL: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username Model: gemini-1.5-flash
                                              {
                                              "brands": ["Office 365",
                                               "Okta"]}
                                              Google indexed: False
                                              URL: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username Model: jbxai
                                              {
                                              "phishing_score":9,
                                              "brands":"Microsoft",
                                              "legit_domain":"microsoft.com",
                                              "classification":"wellknown",
                                              "reasons":["The brand 'Microsoft' is a well-known global technology company.",
                                              "The legitimate domain for Microsoft is 'microsoft.com'.",
                                              "The provided URL '680c737c-daa070be.babjeetrading.com' does not match the legitimate domain for Microsoft.",
                                              "The URL contains suspicious elements such as random alphanumeric strings and an unrelated domain 'babjeetrading.com'.",
                                              "The presence of a username input field suggests an attempt to collect sensitive information, which is common in phishing sites."],
                                              "brand_matches":[false],
                                              "url_match":false,
                                              "brand_input":"Microsoft",
                                              "input_fields":"Username"}
                                              URL: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username Model: gemini-1.5-pro-002
                                              {
                                              "legit_domain": "office.com",
                                               "classification": "wellknown",
                                               "reasons": ["The URL contains a seemingly random subdomain (680c737c-daa070be) which is highly suspicious.",
                                               "The domain 'babjeetrading.com' does not match the typical format of Office 365 login pages.",
                                               "Office 365 is a well-known brand and a common target for phishing attacks.",
                                               "The presence of username and password fields is typical for login pages, which are often imitated in phishing attempts."],
                                               "riskscore": 10}
                                              Google indexed: False
                                              URL: 680c737c-daa070be.babjeetrading.com
                                                          Brands: Office 365
                                                          Input Fields: Username, Password
                                              URL: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username Model: jbxai
                                              {
                                              "brands":["Office 365",
                                              "MLC Life Insurance"],
                                              "text":"Connecting to Office 365 Sign in with your account to access Microsoft Office 365",
                                              "contains_trigger_text":false,
                                              "trigger_text":"",
                                              "prominent_button_name":"Sign In",
                                              "text_input_field_labels":["Username",
                                              "Password"],
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":false,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2673
                                              Entropy (8bit):3.980348395711722
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:5DA66639A63CFA8110FC41F22164F3FA
                                              SHA1:EBAB4BD41D973C3C2D2906EEB3E6D08B6C2560B4
                                              SHA-256:5AC537200E4FA3B1EBB1706AEC1AFF8F4EF1B16750C1F5CADD9FA24F4532B5AA
                                              SHA-512:F2FB2B3E2973041FC1A17613913E121946C39BE1A8F59E8D476A6D4384F06E080F8712A60F22385DFE5819F2E05D903B545F56FA1AE5B5AE22F0EFC89D1D2CB6
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2675
                                              Entropy (8bit):3.997449100560715
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:B4AD18F13D3439B7A56503FA7F4B6EC9
                                              SHA1:F9FB5BE4C7D3F2CBD9895A78AD931333C6304682
                                              SHA-256:D0B85A26BC3D6D7F235AC50D96F38FE2EB6C2C32EA584CA431934817018D9011
                                              SHA-512:0C5ABE8862E64426CA2D7171177C1C6A5BE39BCCC5FCFD00B615B29B4B2987150AE5CAA821E566C8776BD8E16C093F018888EE2AE290E0A6030FB202682E2E92
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2689
                                              Entropy (8bit):4.007720280839512
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:DCDC6EAA351FC444991063D619A2A115
                                              SHA1:7F73467B8D0EFDAB82D538B552ADE17064134401
                                              SHA-256:B612828390AC011CFA749B873546A80FF271744D56DA676F6521BF8CF1388D1E
                                              SHA-512:3D990B72BDCB5B7416CD4AC2FC0114ABE2A903B16D1EBF1531723CC6627C0D520DB21C45CB7CDA1FCB49E688935BBBB6ECE61542C55FCD62CB371BF56C796AF9
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2677
                                              Entropy (8bit):3.9941547894435954
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:1ABC5ED47F768A9DEDFD9F18E643D43A
                                              SHA1:0B85CDC3E796E9CBBC22CA8367F59F0DA3D0562C
                                              SHA-256:5BD6B4C0877B4172BCE40D7BAF939D0D4650CCD3D307244AA9F382367446C9B1
                                              SHA-512:2325C19BFF7A7EFAB7CB6B8C48D08F8349DE1AEFC69874496CBF7F29D678A126157A83406BB2D4CE6B731CF518737D7CFDDF497D47900C2BC30BA80679DCA334
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2677
                                              Entropy (8bit):3.9841180829493026
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:6F9BEAD57ABD3989A855D99B8F3E8DCF
                                              SHA1:1C60D00598544CAFF7AA159D3C1E21685EDAEE19
                                              SHA-256:9B8A53D17A5E14734E195717BF2C818D8E28C7EFAD7068237C570E4B517A0BF0
                                              SHA-512:96BED7D72785F7CE7A4B8A44D67007180FF30A53D2A7E504A0853922C886E7878FCBDCF70F22AF20F2169B90A54BB33C1BDB84390B44967453BDD2A9BCA21600
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2679
                                              Entropy (8bit):3.9944808434537906
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:BE43108F8CE5D5FD97498F70E9BB9209
                                              SHA1:0C6C873E527F24205D36F16AC25B06F3E3F8A570
                                              SHA-256:16022E0D1DE6256E5384F98800022FF4F23BC31B9D67183FF5CFF05A1EFF8FB8
                                              SHA-512:1815E50E40E1282B0E8B7455386D3250F1860A509971A1442E453D40C181A0BCE33639ABD11311F8BEC7849580551F30704BD3B85A28DAE96F747E5C6518D837
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 233 x 50, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):8145
                                              Entropy (8bit):7.9568247392522755
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:EDD9CCC22A7B7FD18AE3B5D73D276C54
                                              SHA1:529918702D4D27482C02B09BF3BF863366EA62A0
                                              SHA-256:75BE2B8EF6AE1B32E9AD5C7D587A41E0B7D10D323C0E6C1DFB6B8C0B086266D8
                                              SHA-512:3246EEF660EC245B91F8F6CC4D5D516A450DB9D203C389240F5F992A3BD184DD196361958B05B6A46FB648D95A574608A601664A31B781E8BF94160F410A7319
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/fs/bco/1/fs02jizmyXLrx2FQi2p6
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                              Category:downloaded
                                              Size (bytes):665
                                              Entropy (8bit):7.42832670119013
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:07BF314AAB04047B9E9A959EE6F63DA3
                                              SHA1:17BEF6602672E2FD9956381E01356245144003E5
                                              SHA-256:55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
                                              SHA-512:2A1D4EBC7FBA6951881FD1DDA745480B504E14E3ADAC3B27EC5CF4045DE14FF030D45DDA99DC056285C7980446BA0FC37F489B7534BE46107B21BD43CEE87BA0
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.gstatic.com/recaptcha/api2/info_2x.png
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):28
                                              Entropy (8bit):4.066108939837481
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:96B191AE794C2C78387B3F4F9BB7A251
                                              SHA1:F974547DF0ADFFB7E80699552C6BCE3E709343A6
                                              SHA-256:CE76758AEEF2CAF12021AFB5257D0CA4E9E5C20015C2C85D68BB27FA6B1AFB28
                                              SHA-512:07EE1CFDBD53C1046FA4F44FF7C83F4456CDAA099299816B451D114E3EEAAD4BE8F0CD0FC09F0E838418BCBB5E50547E806E8E080B8E3421D0DB26FF4C15D412
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmRWLAhuKpl_BIFDeeNQA4SBQ3OQUx6?alt=proto
                                              Preview:ChIKBw3njUAOGgAKBw3OQUx6GgA=
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 7324
                                              Category:downloaded
                                              Size (bytes):1998
                                              Entropy (8bit):7.891849610307165
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:C8798EBDED153C62971BCA924F9DF9D0
                                              SHA1:37B38950670C0010918231E2B4E29130BA965CDC
                                              SHA-256:FE1DCC0264A677CAF236FA4F2AA9A56D26EA262C3B311C84B94CBD2456E6DB31
                                              SHA-512:3A7A8A4157E7C865A88D2A7A5525900FE1A305656BF9ECD6082C259293DF69485A83F16264EB90BB2D71B80122E4B7D487FA767E31F29DB599E4C96D2B552AE0
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/assets/loginpage/css/loginpage-theme.c8c15f6857642c257bcd94823d968bb1.css
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 14940, version 1.0
                                              Category:downloaded
                                              Size (bytes):14940
                                              Entropy (8bit):7.987709153796886
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:A46FB7AAE99225FDFD9D64B2B8B1063F
                                              SHA1:1EE50BF5985C1956DDE1C06D9B1CEC4645DDB92B
                                              SHA-256:4B5816BBFC52587979139951355FE4048DA02CE60E40CEF8E4A1EFB6CD396281
                                              SHA-512:4D981728548E5AF03C71AC0209D4F669D109558B369B0CBCC6BBFA1C32B43D1358B0322F65CFDF6E286EEB743081E6804C5B58292DBA4FC34BA76171FB3B716E
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Unicode text, UTF-8 text, with very long lines (49026), with LF, NEL line terminators
                                              Category:downloaded
                                              Size (bytes):98350
                                              Entropy (8bit):5.286879409751987
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:FEE94C3936A7BDE0E34D3CA2E29A36C0
                                              SHA1:71F5E16D085777B19473E206BFD90FA712960F4B
                                              SHA-256:A7CD48B9527E6FC425258C9DEDC338FEB7897C7DB34416585E5915AC58B0FC1A
                                              SHA-512:5D7E9F8E8C5BAD06F684B41926B438BFB83AD6DE3F6C106FD1C70EC21A44DAD36E666EB0DCC76DB46D72C8B6621E8E2B910367EBF63BE7C35A31C76B1EA5FA3F
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://login-okta.babjeetrading.com/lib/discoveryIframe-a869d3b07ebd94f8cfae.min.js
                                              Preview:/*! For license information please see discoveryIframe-a869d3b07ebd94f8cfae.min.js.LICENSE.txt */.var MyOkta="object"==typeof MyOkta?MyOkta:{};MyOkta.discoveryIframe=function(t){var n={};function r(e){if(n[e])return n[e].exports;var i=n[e]={i:e,l:!1,exports:{}};return t[e].call(i.exports,i,i.exports,r),i.l=!0,i.exports}return r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)||Object.defineProperty(t,n,{enumerable:!0,get:e})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,n){if(1&n&&(t=r(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.__esModule)return t;var e=Object.create(null);if(r.r(e),Object.defineProperty(e,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var i in t)r.d(e,i,function(n){return t[n]}.bind(null,i));return e},r.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(n,"a",n),n},r.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
                                              Category:downloaded
                                              Size (bytes):15340
                                              Entropy (8bit):7.983406336508752
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:19B7A0ADFDD4F808B53AF7E2CE2AD4E5
                                              SHA1:81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA
                                              SHA-256:C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
                                              SHA-512:49DA16000687AC81FC4CA9E9112BDCA850BB9F32E0AF2FE751ABC57A8E9C3382451B50998CEB9DE56FC4196F1DC7EF46BBA47933FC47EB4538124870B7630036
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                              Category:dropped
                                              Size (bytes):600
                                              Entropy (8bit):7.391634169810707
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:0F2A4639B8A4CB30C76E8333C00D30A6
                                              SHA1:57E273A270BB864970D747C74B3F0A7C8E515B13
                                              SHA-256:44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
                                              SHA-512:3EA72C7E8702D2E9D94B0FAA6FA095A33AB8BC6EC2891F8B3165CE29A9CCF2114FAEF424FA03FD4B9D06785326284C1BB2087CE05E249CCAC65418361BFA7C51
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text
                                              Category:downloaded
                                              Size (bytes):277
                                              Entropy (8bit):5.157148627239778
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:E158682C49201F8CE0FC84971481EDAC
                                              SHA1:D187459385DFDF84A1ADB154FF535009B8F72DD6
                                              SHA-256:740F4BE9FE2C3DC71887DBC12D7E5315BE97E2E64153A467218B1655EE13D019
                                              SHA-512:D88E24AE4C436D7C585E1C1CCA13D416679E570321A581CA70FEECF55D0089B29840EDE38A0D0EA550094BF1DF772A136BA4DC73B2DE0EA527A7C5198D31462C
                                              Malicious:false
                                              Reputation:unknown
                                              URL:http://aa.ns.agingbydesignministry.org/favicon.ico
                                              Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache Server at aa.ns.agingbydesignministry.org Port 80</address>.</body></html>.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):1800
                                              Entropy (8bit):7.190946488281365
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:04EEEBA5B3538C4524D8E6828BA2C405
                                              SHA1:8DB73B75BC7547A90AEBD1377852EA3BF7CBC5EA
                                              SHA-256:DA75C3F3CE27C081541DFB59EDD7E756FEFE054A9E0E976356C4B0D3778BB434
                                              SHA-512:C5E00C512C3533DA77FD403A45B91A9A791A42E487A3466742440A67157E623C45961E414F40C5E1E35AA811BA54B37C4A5106EA73BDC311EB03415A8B117B44
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:.PNG........IHDR...F...F.....q......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:49805dde-5585-4fad-868b-ddeac76a2fd0" xmpMM:DocumentID="xmp.did:B4C76E1B907911E5A157F64E2CF70557" xmpMM:InstanceID="xmp.iid:B4C76E1A907911E5A157F64E2CF70557" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:20f735b9-f728-456b-b356-7e7bee3746ff" stRef:documentID="adobe:docid:photoshop:e1b0c655-489a-1178-968f-b163372a28ae"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..T.....IDATx..}s.0
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):10796
                                              Entropy (8bit):7.946024875001343
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:12BDACC832185D0367ECC23FD24C86CE
                                              SHA1:4422F316EB4D8C8D160312BB695FD1D944CBFF12
                                              SHA-256:877AE491D9AAC5C6EF82A8430F9F652ACE8A0DBC7294BD112AAD49BD593769D0
                                              SHA-512:36C319AC7F75202190E7A59F3F3C92892A71D5F17663E672319A745B6574BCFDE7C89B35F480CB15A193924DACB9D67F8CA1E1BC2BF33FC5CCBFA152CC7BA2D0
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/fs/bcg/4/gfsa2vo23bcdUiNMC2p7
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 223282
                                              Category:downloaded
                                              Size (bytes):30536
                                              Entropy (8bit):7.989737336708108
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:B446C4F65DEE322A74A9F03902B4AA4F
                                              SHA1:333A47BADF236D2A5007A772C900FBE7C834DFC2
                                              SHA-256:4D45285C1F380D825FB9AC1A813591BE2CFCA92B795AD4FF38A31A3E725EB199
                                              SHA-512:1C516C7E399709DB546A793ECC3CFF8873722F74A1A731C91B4838E463AFCD15D90188C2D0CA4D5BD42D9885C67DA7574FAA6E18BF27157D93DA25BAAFA87D25
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/assets/js/sdk/okta-signin-widget/7.23.2/css/okta-sign-in.min.css
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (1434), with no line terminators
                                              Category:dropped
                                              Size (bytes):1434
                                              Entropy (8bit):5.7650966390195455
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:428199CEE2F0EEB6B22877D19E9A5948
                                              SHA1:8904CC6022394076F644563F5AADCB999A23B9E5
                                              SHA-256:9BB78787D230094E7B59FD220AF0A87160630712D25307D3DBEF05FB554A261F
                                              SHA-512:F8BD0C179D0B811621E30F53C909A70E9E85AABCE6A37E948D427D2C10AEFDBD3D51D9E47D6212FAEA7DFFD4758E39E52D28821BB0A4B571BF1C375DA4A4509C
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A/kargTFyk8MR5ueravczef/wIlTkbVk1qXQesp39nV+xNECPdLBVeYffxrM8TmZT6RArWGQVCJ0LRivD7glcAUAAACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1.2'&&l!=='control_1.1'){d.head.prepend(m)
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3
                                              Category:downloaded
                                              Size (bytes):29708
                                              Entropy (8bit):7.968779190170683
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:4D148F309A0B5B9E01277D880C0C421A
                                              SHA1:2B071F438ECE6E26DFC3EE93709AB1D9ADC2C412
                                              SHA-256:4C0022D98D09910E05613E0C72D563A12597F813F85FDB512D8007F3AB8DF34C
                                              SHA-512:B887BEF9C1223AEF66B01B9EEB012328714BBDF923365A0525F52A207B89939AD08847A20CDC4D94AE27403BBFC3B85DBF2A87BBEFE2D331DB45A3554ABB419E
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.google.com/recaptcha/api2/payload?p=06AFcWeA7X6zdQqmKY_7103Mkvxo9tOvDVNiUK_b8QsPz6rAihkhZlFFwcwuoAbKPqawhLLzJciV50RY7wWe6bcmxyuYBKNuhg6vKeo9mR8n5Xs-5Yb05hB20p9snFavwoqPPesSQ1JxluO6pJoxoEcrl4OCJUB_D8g4DdsbxNdtHOAWXyy2WAHwlLwQN22Q5GFmj8n8wxC3JZ&k=6LdLA14qAAAAAJv2az-DAgKhXePkDnB25zY9tmvH
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):2228
                                              Entropy (8bit):7.82817506159911
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:EF9941290C50CD3866E2BA6B793F010D
                                              SHA1:4736508C795667DCEA21F8D864233031223B7832
                                              SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                              SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), CFF, length 42632, version 2.0
                                              Category:downloaded
                                              Size (bytes):42632
                                              Entropy (8bit):7.995693492865635
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:F37DD71E272C2E2A491B7F3E0BC3BC3B
                                              SHA1:74824DA964C79C9ACFB73D1F9501F6D2EEEB4373
                                              SHA-256:419A069F2859715998EC2BEDA0659052F7E22469385CC25011C7ECBB97266719
                                              SHA-512:EF552D7DB14D0DFB8F94144482B9023F33FBBBC34CA7495C149FFEC228F3A3CE1A5839683BA9FF347A92D368F6F9F612E3F4D5DB54DA913160E8A2FEBE2B3C16
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/assets/loginpage/font/assets/Aeonik-Regular.c672e6fbaa411f5719f3.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 141825
                                              Category:downloaded
                                              Size (bytes):49815
                                              Entropy (8bit):7.994231596056247
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:07C728F081BF3ACDFF4FAB772665AA79
                                              SHA1:626EA7DB1CB087E31BBC52076F527535C19DA7FE
                                              SHA-256:6476F117BD8B99967284B0AC5E64AF5016FD0F98C48F860E201D16B063999B1A
                                              SHA-512:51AF6AB57485AAFA24BB920B8853A8DC0E94EC8FBF63AC8FFE2E1A8116D86047FCFEEBC807E02D98EE39185FFDEE1FE3327519A86A168C35E07254CB2D1FB760
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://6afe6eac-daa070be.babjeetrading.com/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                              Category:downloaded
                                              Size (bytes):79242
                                              Entropy (8bit):6.019678305853488
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:A0CE64213F4F6193A598DE1CDBAEA665
                                              SHA1:FEC9A873B214601198F7312BCB1BF99204014085
                                              SHA-256:F0DFF86310E9D08A2D80DBE68BAE9367F8CD6CBD4B7D036F09B0702D035C7E8C
                                              SHA-512:72DA125D31FD39B9B6571286C9B4B35D2B8875C8E299155A4D44742FF2B3FDF9B8CD5A7B888CF2BA26FAF4842EA6810CF7D6DEE5DC4B7E55AED03C623884356C
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/styles__ltr.css
                                              Preview:.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAAIGNIUk0AAHomAACAhAAA+gAAAIDoAAB1MAAA6mAAADqYAAAXcJy6UTwAAAAGYktHRAD/AP8A/6C9p5MAAHq9SURBVHja7Z15fFTl9f/fd9ZM9n1PgCyEXSSRNYKCgAuiIipuVSuudavV1tq6W/WrtnWrrZbWDZUqUqUoCoIEQhBI2JesELKvM9mTWe7c3x83d5xAlkky8fv92ft5vfKC19znOWfuZ571POc5B1SoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKHifwGCRqsTNFrdj6VPq9XqtNofT9+wvutQyEyad8t9IaPPntFUd
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (617)
                                              Category:downloaded
                                              Size (bytes):559447
                                              Entropy (8bit):5.6838609237395215
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:99210E7C2195DE81C0EEDF98787A69B3
                                              SHA1:7B26C66058385B60109AA6129C2161A399A6034D
                                              SHA-256:5F75BFBFBF0C7CAC2C87D6CA5DE0661AEDC188B0900B6CEF5EFBAEA134B53302
                                              SHA-512:C3198D7943B3311679D77BCFFEA75D7043801277BF03AC10CA20BBE424E9AE896C060C7E0EF4143E23C2A41E367917A258404FBA428099316705B7252AEA8A6B
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__en.js
                                              Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var E=function(){return[function(K,v,L,Q,d,x,r,w,f){return(K-(((K&55)==((w=[2,6,"P"],(K&60)==K)&&(L=LO.get(),f=a[27](33,v,L)),K)&&c.call(this,v),(K|w[0])>=29)&&(K<<1&8)<w[1]&&(r=a[0](72,v,L),Q.I=d||0,Q.u=Q.I,Q[w[2]]=r.UA,Q.Z=r.buffer,Q.H=x!==void 0?Q.I+x:Q.Z.length),w[0])&16)<8&&(K-3&15)>=10&&(N[w[1]](63,"INPUT")||(C[w[0]](w[0],this.u,this.V(),"click",this.N),this.vL=null),this.xV=!1,V[20](12,"INPUT",this)),f},function(K,v,L,Q,d){return(K|((Q=[9,895,11],(K-6&7)>=3)&&K>>2<Q[2]&&CO.call(this,Q[1],14),.Q[0]))&2||(L="",L=h[5](37,v.Cr,"imageselect")?L+'Select each image that contains the object described in the text or
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 1819571
                                              Category:downloaded
                                              Size (bytes):431822
                                              Entropy (8bit):7.999109146689357
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:B8304EA01E11169821C7DC3083B7F5D4
                                              SHA1:0D789129D13BD8494DF6E3269DA6462F1A791EFE
                                              SHA-256:A1DF0B7F0B76002B2A149C304DF7AA629A6B6729EF21289942939F62F1620FE4
                                              SHA-512:8D108DBAC6A914FCAE2DDA5E968B6D24A9FD971C980186CC8204B81AE53424FA2FF6846BDD58380537CB07DB88F97BEF03350730338C7C35875B38CDD16F1E61
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/assets/js/sdk/okta-signin-widget/7.23.2/js/okta-sign-in.min.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 50 x 1155, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):3141
                                              Entropy (8bit):7.275615969527201
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:7846B2F8C6D0A7CA69FDD3D3C294E92D
                                              SHA1:E0BB021FFDF93C68FEF44DE2A3B08F378B6FB50A
                                              SHA-256:40810B0318131F9BA52C83A17E633A0AC476ADE66EA8A914D6C4980571397665
                                              SHA-512:C08600B8B07D56BB502F9AED5CE2BAB59B33105C1CCF595413BC7158368FA06C73BC2D22C7CC99D1EFD10FD7C599CEE92163DEC3D2312BFD98DBF69457C59DE7
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/assets/js/sdk/okta-signin-widget/7.23.2/img/ui/forms/checkbox-sign-in-widget.png
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):16
                                              Entropy (8bit):3.625
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:BCE74A066E68DD96B3B2540376EC6DBC
                                              SHA1:A28403B9557EE9ADA5CEF53311CDBA6B9444F9B3
                                              SHA-256:3A1428F58A249E270186BCACA0B75F8B2BCC42324D711107791A9A343BD76BEA
                                              SHA-512:F15FBF182BEF4B1AB4CE14E4660EE346746AE1955164F4686B73DA2A57959DB44464DD309D2C6D7A2722B5481BA25E6735C1337C48251BD60EBEC207F77F2566
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmU4JRhrNkIixIFDaqWrfY=?alt=proto
                                              Preview:CgkKBw2qlq32GgA=
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):16
                                              Entropy (8bit):3.75
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:AFB69DF47958EB78B4E941270772BD6A
                                              SHA1:D9FE9A625E906FF25C1F165E7872B1D9C731E78E
                                              SHA-256:874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
                                              SHA-512:FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlgUgKkSmG0aBIFDVNaR8U=?alt=proto
                                              Preview:CgkKBw1TWkfFGgA=
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 209447
                                              Category:downloaded
                                              Size (bytes):68897
                                              Entropy (8bit):7.995204750413513
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:EB24CBB5D291323AD08124508CC7CA18
                                              SHA1:613CDFF151C3EB9D3D925F0522E48AEA25AA3C41
                                              SHA-256:9A28C00383D27BCF3EA4512ADDD2F5BCB84BBC5910B07520576D0E17EB318F29
                                              SHA-512:2AA00A433DFAF71EDE6F90D1C21BA388265EFDD790BB6F9569E4D88BC1A8B80007267C8AF430E3898C0804F13883CB65C68C7A216991EA13870619AB4993A096
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/assets/js/mvc/loginpage/initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (65080)
                                              Category:downloaded
                                              Size (bytes):122570
                                              Entropy (8bit):5.5847331473582695
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:6CE97820B4BC613D05D5F51F664EFCA6
                                              SHA1:86E3AAE9D63C78214745F8CA5FCF65AEEDD492D2
                                              SHA-256:81D27F6C1F60FA312B9C8056D904F4C132248F7760D32EC20AFD73DD4A4DA7A0
                                              SHA-512:E6A32CC7745F7876D3E710E6EE0E5CA81D0DB75320C60C3EA24FD587B1303A633B65BBB2FEFAA173BE26DF60077DF2E448651902D6BA3541BC15EF2D92E8E942
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://login-okta.babjeetrading.com/discovery/iframe.html
                                              Preview:<!DOCTYPE html>.<html class="no-js" lang="">. <head>. <meta charset="utf-8"/>. <meta content="ie=edge" http-equiv="x-ua-compatible"/>. <meta content="version: 1.65.0" name="x-my-okta-version">. <title>. </title>. <meta content="" name="description"/>. <meta content="width=device-width,initial-scale=1" name="viewport"/>. <script src="/lib/discoveryIframe-a869d3b07ebd94f8cfae.min.js">. </script>. </meta>. <script type="text/javascript">. (function(l,n){var Bf=a0l5,B=l();while(!![]){try{var U=-parseInt(Bf(0x385))/0x1+-parseInt(Bf(0x3f3))/0x2+parseInt(Bf(0x2ae))/0x3+parseInt(Bf(0x29f))/0x4*(-parseInt(Bf(0x216))/0x5)+parseInt(Bf(0x26a))/0x6+-parseInt(Bf(0x39c))/0x7*(parseInt(Bf(0x258))/0x8)+parseInt(Bf(0x37c))/0x9;if(U===n)break;else B['push'](B['shift']());}catch(h){B['push'](B['shift']());}}}(a0l4,0x59daf),!(function(){var pL=a0l5,l0=(function(){var nx=!![];return function(nw,nC){var nd=nx?function(){var BA=a0l5;if(nC){var nu=nC[BA(0x1c0)](nw,arguments);return nC=null,n
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:gzip compressed data, max compression, original size modulo 2^32 3242
                                              Category:downloaded
                                              Size (bytes):617
                                              Entropy (8bit):7.6714928216977585
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:806D9201A7BD5CB4545526D9BCFA9527
                                              SHA1:3AB241B33586DE172ADD76CAB7F26A3AFB6829F5
                                              SHA-256:C52758BEDF1FE317CB8E01BD65CBC83997FD4BAD39BB95218D1F45585B9AFD80
                                              SHA-512:A380D9E282E4C309FD796D882A2F93C4F7BFF9DA4AAB8FD81019C3FD908B1019A7CE6BDEC45F719A63A8DDEA28912B909E1BDA71ED60181133561914A0F42370
                                              Malicious:false
                                              Reputation:unknown
                                              URL:"http://fonts.googleapis.com/css?family=Lato:300,400|Montserrat&subset=latin,latin-ext"
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 105804, version 1.0
                                              Category:downloaded
                                              Size (bytes):105804
                                              Entropy (8bit):7.9975388815479675
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:007AD31A53F4AB3F58EE74F2308482CE
                                              SHA1:DFA9F8F3D79BF8A0001FE72EEADAD0490CBA59CC
                                              SHA-256:152261291C938AA5AAD6A56D52B47FFCB893D1C0387E76D7F270A7382FF786D5
                                              SHA-512:48AEF263ACA876BA4DB5A596FBB8332524D6B440A8A516E1BAA7899F2F1DA0E1C44452D0380869EC455D27A6E0B931210B1FB669B36E36914CA27235F34E8558
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/assets/loginpage/font/assets/Inter-SemiBold.b5f0f109bc88052d4000.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                                              Category:downloaded
                                              Size (bytes):15344
                                              Entropy (8bit):7.984625225844861
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                                              SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                                              SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                                              SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
                                              Category:downloaded
                                              Size (bytes):15552
                                              Entropy (8bit):7.983966851275127
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:285467176F7FE6BB6A9C6873B3DAD2CC
                                              SHA1:EA04E4FF5142DDD69307C183DEF721A160E0A64E
                                              SHA-256:5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
                                              SHA-512:5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 98868, version 1.0
                                              Category:downloaded
                                              Size (bytes):98868
                                              Entropy (8bit):7.997348664849209
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:DC131113894217B5031000575D9DE002
                                              SHA1:F96348260751EA78B1D23E9557DB297290BDAF28
                                              SHA-256:D612F1212B452AF07F1A5DEFB2B672E76A91F7139E7499FA48BB9B2B985C22D6
                                              SHA-512:0AA4420C7B7DCC70238371F9D21D521D0673CAF4C1883EEB2D3254C5A1DAD941F4569F418350FFC61E93303466C504179B90BA0ACF008250DC9C2C6DDF6F850B
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://a609b987-daa070be.babjeetrading.com/assets/loginpage/font/assets/Inter-Regular.c8ba52b05a9ef10f4758.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                              Category:downloaded
                                              Size (bytes):530
                                              Entropy (8bit):7.2576396280117494
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:88E0F42C9FA4F94AA8BCD54D1685C180
                                              SHA1:5AD9D47A49B82718BAA3BE88550A0B3350270C42
                                              SHA-256:89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
                                              SHA-512:FAFF842E9FF4CC838EC3C724E95EEE6D36B2F8C768DC23E48669E28FC5C19AA24B1B34CF1DBCBE877B3537D6A325B4C35AF440C2B6D58F6A77A04A208D9296F8
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.gstatic.com/recaptcha/api2/audio_2x.png
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):102
                                              Entropy (8bit):4.731372038840301
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:F3DFE1A46E91C1C5521B4ED0E336AE06
                                              SHA1:8112055ED07A442DD199C15A8B2C451A3E4B54E6
                                              SHA-256:724FC56703E050F8625D033339E4C69746C05564BA34DF35003A34ED59432657
                                              SHA-512:0570AADEDB1FFB2EAEB8A8454004C1EA63109712D07E9F0E1D08FDEEFA06FC8CD64C75688A2FE5AF7EE314E056BC744337FEFA8B5FDA95F17B2B0E4146D81C5C
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:importScripts('https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__en.js');
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (18026)
                                              Category:dropped
                                              Size (bytes):18646
                                              Entropy (8bit):5.681365629882092
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:B6C546033517E98BCD9F15795CAA6358
                                              SHA1:3A2158811157E0D0C6A29A6AAA5472A186283B98
                                              SHA-256:F49671129D0B86D684D6FD06C69A71603FA6338378F2E07640F8C769BABF78E6
                                              SHA-512:F6978E490DA08BC6F37DDEE731E979BE2D63828F886DEB63C7B0E3EA338F1FFB5614887AAA62E959C820C7752CED358241F1E41A0929BB790A7D75C50B580904
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var U=function(w,J){if((J=(w=null,Q).trustedTypes,!J)||!J.createPolicy)return w;try{w=J.createPolicy("bg",{createHTML:E,createScript:E,createScriptURL:E})}catch(g){Q.console&&Q.console.error(g.message)}return w},Q=this||self,E=function(w){return w};(0,eval)(function(w,J){return(J=U())&&w.eval(J.createScript("1"))===1?function(g){return J.createScript(g)}:function(g){return""+g}}(Q)(Array(Math.random()*7824|0).join("\n")+['(function(){/*',.'',.' Copyright Google LLC',.' SPDX-License-Identifier: Apache-2.0',.'*/',.'var T=function(w,J,Q,g,F,X,u,h){if((((F=(u=(h=(w||Q.H++,Q.o>0&&Q.G&&Q.Pj)&&Q.s<=1&&!Q.T&&!Q.P&&(!w||Q.xr-J>1)&&document.hidden==0,(X=Q.H==4)||h)?Q.K():Q.A,u-Q.A),Q).g+=F>>14>0,Q.V&&(Q.V^=(Q.g+1>>2)*(F<<2)),Q).i=Q.g+1>>2!=0||Q.i,X)||h)Q.H=0,Q.A=u;if(!h)return false;if((Q.o>Q.C&&(Q.C=Q.o),u-Q.R)<Q.o-(g?255:w?5:2))return false;return(A(26,Q,(g=c(w?133:26,(Q.xr=J,Q)),Q.D)),Q.Z.pus
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                              Category:dropped
                                              Size (bytes):2573
                                              Entropy (8bit):7.822244991569798
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:156C2B030D103F44AE39CA515AD72512
                                              SHA1:C9B39FE343ECBAD1D57352AEBC27C18DB2FAEC0C
                                              SHA-256:7907D74EF071D4568C5E51D55ADEFEFB76194F2E656320573D6B968941E3B6FD
                                              SHA-512:DF68961969C03F8A424F2CEAB75DB2EFA990882CF6941768FA3609BAB7915897E071C58AB26D1414437093D60125D39BFC0AFE0C6B14E8466F045F4C4BA9AC7D
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 556
                                              Category:downloaded
                                              Size (bytes):218
                                              Entropy (8bit):6.977800093016376
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:09E23C4A517A68FCFBF4DD0FE36AFF4A
                                              SHA1:BAAA1A92B99263ED2756DFB3CB43B2A1CBC82114
                                              SHA-256:8CCA594D89F164A103404E944D3991E7B96F6F68D92DC70B8B72354AF00BFA95
                                              SHA-512:CB99D6E73813A77D5C0559DB24581447B1AAAB5E43368D6C1D51D7E12588816949CD5074869DBB53058DFC639042706766A0B739CF8209A15CBE3F82FF1CC51C
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://680c737c-daa070be.babjeetrading.com/api/internal/brand/theme/style-sheet?touch-point=SIGN_IN_PAGE&v=abc4780733b2999dc5536ea4bf18a7237d32beafe91e2f7611b8af3ecb8ae0d0dfb208992a3b1ecefd0c0f9333f4b59d
                                              No static file info