Analysis Report https://txdot.app.box.com/link/?lp=lQ61Q237vy2VvvgyVMEeRFamK8wxg_2-5l4FdzXrNRDCh_7uOGlZ9s0hng0u5xmNqPZ_HfXxL8bH7mSz0x0u4eblZ1b_2mj-y2Jk5gwZwLtmPN8Pleg1lKSbDxHXPqUmlsYxUFdck9Pdbqi14qap_-KU3bCbKqUNrDkOhf4idKH_9R8XbdQ-5gJJVflKmpCKRd0Bevwe2FM8u1XNC-9_oqqVjNA2zQqdFLUnpKB40w4trkD6QqRKtPTpGX9R6JmvMCrW4c9XS8VwMDTbo0gCe3mLZjNsWxXaCSG27iZiCKpStbEf7arghebxNupHSXZdWUiFhwd6EEjq8mXKBJuddJ9-KdKRTzRe-HZ2y52XucNFcBt4K7FAhGMISZAYfL_AMQiDmAkK_EA5UupXIL7zRfDKQOR7Ha-l3rtw&a=click&tt=PrivacyPolicy&ru=lV4a_R14RHQwPqGjgywQzx00qIpHfa-apLV_AEgHdLYJye9IojlFbifD9r73NYqK1tJKDfKp9rzvW8B6OnBp8Sw-Z2RzJssPdynqKx6GWK-j6RWfJ_gFH9us7AFKd8kqjntgpt91S7qOS9ejZrrY5kMqKbYFxssWows.

Overview

General Information

Sample URL: https://txdot.app.box.com/link/?lp=lQ61Q237vy2VvvgyVMEeRFamK8wxg_2-5l4FdzXrNRDCh_7uOGlZ9s0hng0u5xmNqPZ_HfXxL8bH7mSz0x0u4eblZ1b_2mj-y2Jk5gwZwLtmPN8Pleg1lKSbDxHXPqUmlsYxUFdck9Pdbqi14qap_-KU3bCbKqUNrDkOhf4idKH_9R8XbdQ-5gJJVflKmpCKRd0Bevwe2FM8u1XNC-9_oqqVjNA2zQqdFLUnpKB40w4trkD6QqRKtPTpGX9R6JmvMCrW4c9XS8VwMDTbo0gCe3mLZjNsWxXaCSG27iZiCKpStbEf7arghebxNupHSXZdWUiFhwd6EEjq8mXKBJuddJ9-KdKRTzRe-HZ2y52XucNFcBt4K7FAhGMISZAYfL_AMQiDmAkK_EA5UupXIL7zRfDKQOR7Ha-l3rtw&a=click&tt=PrivacyPolicy&ru=lV4a_R14RHQwPqGjgywQzx00qIpHfa-apLV_AEgHdLYJye9IojlFbifD9r73NYqK1tJKDfKp9rzvW8B6OnBp8Sw-Z2RzJssPdynqKx6GWK-j6RWfJ_gFH9us7AFKd8kqjntgpt91S7qOS9ejZrrY5kMqKbYFxssWows.

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device

Classification

Startup

  • System is w10x64
  • cmd.exe (PID: 2940 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://txdot.app.box.com/link/?lp=lQ61Q237vy2VvvgyVMEeRFamK8wxg_2-5l4FdzXrNRDCh_7uOGlZ9s0hng0u5xmNqPZ_HfXxL8bH7mSz0x0u4eblZ1b_2mj-y2Jk5gwZwLtmPN8Pleg1lKSbDxHXPqUmlsYxUFdck9Pdbqi14qap_-KU3bCbKqUNrDkOhf4idKH_9R8XbdQ-5gJJVflKmpCKRd0Bevwe2FM8u1XNC-9_oqqVjNA2zQqdFLUnpKB40w4trkD6QqRKtPTpGX9R6JmvMCrW4c9XS8VwMDTbo0gCe3mLZjNsWxXaCSG27iZiCKpStbEf7arghebxNupHSXZdWUiFhwd6EEjq8mXKBJuddJ9-KdKRTzRe-HZ2y52XucNFcBt4K7FAhGMISZAYfL_AMQiDmAkK_EA5UupXIL7zRfDKQOR7Ha-l3rtw&a=click&tt=PrivacyPolicy&ru=lV4a_R14RHQwPqGjgywQzx00qIpHfa-apLV_AEgHdLYJye9IojlFbifD9r73NYqK1tJKDfKp9rzvW8B6OnBp8Sw-Z2RzJssPdynqKx6GWK-j6RWfJ_gFH9us7AFKd8kqjntgpt91S7qOS9ejZrrY5kMqKbYFxssWows.' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 4492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 4000 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://txdot.app.box.com/link/?lp=lQ61Q237vy2VvvgyVMEeRFamK8wxg_2-5l4FdzXrNRDCh_7uOGlZ9s0hng0u5xmNqPZ_HfXxL8bH7mSz0x0u4eblZ1b_2mj-y2Jk5gwZwLtmPN8Pleg1lKSbDxHXPqUmlsYxUFdck9Pdbqi14qap_-KU3bCbKqUNrDkOhf4idKH_9R8XbdQ-5gJJVflKmpCKRd0Bevwe2FM8u1XNC-9_oqqVjNA2zQqdFLUnpKB40w4trkD6QqRKtPTpGX9R6JmvMCrW4c9XS8VwMDTbo0gCe3mLZjNsWxXaCSG27iZiCKpStbEf7arghebxNupHSXZdWUiFhwd6EEjq8mXKBJuddJ9-KdKRTzRe-HZ2y52XucNFcBt4K7FAhGMISZAYfL_AMQiDmAkK_EA5UupXIL7zRfDKQOR7Ha-l3rtw&a=click&tt=PrivacyPolicy&ru=lV4a_R14RHQwPqGjgywQzx00qIpHfa-apLV_AEgHdLYJye9IojlFbifD9r73NYqK1tJKDfKp9rzvW8B6OnBp8Sw-Z2RzJssPdynqKx6GWK-j6RWfJ_gFH9us7AFKd8kqjntgpt91S7qOS9ejZrrY5kMqKbYFxssWows.' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • iexplore.exe (PID: 2596 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Desktop\download\index.html.svg MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4852 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2596 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: unknown; DNS traffic detected: queries for: txdot.app.box.com
Source: unknown; Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49747

Source: classification engine; Classification label: clean0.win@7/18@2/2
Source: C:\Windows\SysWOW64\cmd.exe; File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4492:120:WilError_01
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Temp\~DF01AF7180394F17BC.TMP
Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\wget.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\wget.exe; File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\wget.exe; File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown; Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://txdot.app.box.com/link/?lp=lQ61Q237vy2VvvgyVMEeRFamK8wxg_2-5l4FdzXrNRDCh_7uOGlZ9s0hng0u5xmNqPZ_HfXxL8bH7mSz0x0u4eblZ1b_2mj-y2Jk5gwZwLtmPN8Pleg1lKSbDxHXPqUmlsYxUFdck9Pdbqi14qap_-KU3bCbKqUNrDkOhf4idKH_9R8XbdQ-5gJJVflKmpCKRd0Bevwe2FM8u1XNC-9_oqqVjNA2zQqdFLUnpKB40w4trkD6QqRKtPTpGX9R6JmvMCrW4c9XS8VwMDTbo0gCe3mLZjNsWxXaCSG27iZiCKpStbEf7arghebxNupHSXZdWUiFhwd6EEjq8mXKBJuddJ9-KdKRTzRe-HZ2y52XucNFcBt4K7FAhGMISZAYfL_AMQiDmAkK_EA5UupXIL7zRfDKQOR7Ha-l3rtw&a=click&tt=PrivacyPolicy&ru=lV4a_R14RHQwPqGjgywQzx00qIpHfa-apLV_AEgHdLYJye9IojlFbifD9r73NYqK1tJKDfKp9rzvW8B6OnBp8Sw-Z2RzJssPdynqKx6GWK-j6RWfJ_gFH9us7AFKd8kqjntgpt91S7qOS9ejZrrY5kMqKbYFxssWows.' > cmdline.out 2>&1
Source: unknown; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown; Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://txdot.app.box.com/link/?lp=lQ61Q237vy2VvvgyVMEeRFamK8wxg_2-5l4FdzXrNRDCh_7uOGlZ9s0hng0u5xmNqPZ_HfXxL8bH7mSz0x0u4eblZ1b_2mj-y2Jk5gwZwLtmPN8Pleg1lKSbDxHXPqUmlsYxUFdck9Pdbqi14qap_-KU3bCbKqUNrDkOhf4idKH_9R8XbdQ-5gJJVflKmpCKRd0Bevwe2FM8u1XNC-9_oqqVjNA2zQqdFLUnpKB40w4trkD6QqRKtPTpGX9R6JmvMCrW4c9XS8VwMDTbo0gCe3mLZjNsWxXaCSG27iZiCKpStbEf7arghebxNupHSXZdWUiFhwd6EEjq8mXKBJuddJ9-KdKRTzRe-HZ2y52XucNFcBt4K7FAhGMISZAYfL_AMQiDmAkK_EA5UupXIL7zRfDKQOR7Ha-l3rtw&a=click&tt=PrivacyPolicy&ru=lV4a_R14RHQwPqGjgywQzx00qIpHfa-apLV_AEgHdLYJye9IojlFbifD9r73NYqK1tJKDfKp9rzvW8B6OnBp8Sw-Z2RzJssPdynqKx6GWK-j6RWfJ_gFH9us7AFKd8kqjntgpt91S7qOS9ejZrrY5kMqKbYFxssWows.'
Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Desktop\download\index.html.svg
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2596 CREDAT:17410 /prefetch:2
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://txdot.app.box.com/link/?lp=lQ61Q237vy2VvvgyVMEeRFamK8wxg_2-5l4FdzXrNRDCh_7uOGlZ9s0hng0u5xmNqPZ_HfXxL8bH7mSz0x0u4eblZ1b_2mj-y2Jk5gwZwLtmPN8Pleg1lKSbDxHXPqUmlsYxUFdck9Pdbqi14qap_-KU3bCbKqUNrDkOhf4idKH_9R8XbdQ-5gJJVflKmpCKRd0Bevwe2FM8u1XNC-9_oqqVjNA2zQqdFLUnpKB40w4trkD6QqRKtPTpGX9R6JmvMCrW4c9XS8VwMDTbo0gCe3mLZjNsWxXaCSG27iZiCKpStbEf7arghebxNupHSXZdWUiFhwd6EEjq8mXKBJuddJ9-KdKRTzRe-HZ2y52XucNFcBt4K7FAhGMISZAYfL_AMQiDmAkK_EA5UupXIL7zRfDKQOR7Ha-l3rtw&a=click&tt=PrivacyPolicy&ru=lV4a_R14RHQwPqGjgywQzx00qIpHfa-apLV_AEgHdLYJye9IojlFbifD9r73NYqK1tJKDfKp9rzvW8B6OnBp8Sw-Z2RzJssPdynqKx6GWK-j6RWfJ_gFH9us7AFKd8kqjntgpt91S7qOS9ejZrrY5kMqKbYFxssWows.'
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2596 CREDAT:17410 /prefetch:2
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll

Source: C:\Windows\SysWOW64\cmd.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe; Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\SysWOW64\wget.exe; Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Graphical User Interface 1 | Winlogon Helper DLL | Process Injection 1 | Masquerading 1 | Credential Dumping | File and Directory Discovery 1 | Application Deployment Software | Data from Local System | Data Compressed | Standard Cryptographic Protocol 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Process Injection 1 | Network Sniffing | System Information Discovery 12 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
External Remote Services | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | Remote System Discovery 1 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Behavior Graph

Behavior Graph ID: 232569; URL: https://txdot.app.box.com/l...; Startdate: 23/05/2020; Architecture: WINDOWS; Score: 0

  • cmd.exe started wget.exe and conhost.exe
  • iexplore.exe started iexplore.exe
  • wget.exe DNS/IP: www.box.com 185.235.236.197, 443, 49748 unknown Germany
  • wget.exe DNS/IP: txdot.app.box.com 185.235.236.199, 443, 49747 unknown Germany
