
Analysis Report https://app.box.com/file/730509959219?s=cqmn5b65sczgarg174p5um6rbd3vnodg

Overview

General Information

Sample URL: https://app.box.com/file/730509959219?s=cqmn5b65sczgarg174p5um6rbd3vnodg
Analysis ID: 298997

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish_10
Phishing site detected (based on image similarity)
HTML title does not match URL

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 6820 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6868 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6820 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 6636 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6820 CREDAT:17418 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\kzv6h8omy5hb61viiapbz80x[1].htm
Rule: JoeSecurity_HtmlPhish_10
Description: Yara detected HtmlPhish_10
Author: Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: https://da16ec2ff40a4c4ba3ca237e327ff017.svc.dynamics.com/t/r/TybQ7GAbaOvORHkAY1u60nu0n0tsPF3lSpJseuQ35Nc; SlashNext: Label: Fake Login Page, type: Phishing & Social Engineering
Source: https://da16ec2ff40a4c4ba3ca237e327ff017.svc.dynamics.com/t/r/TybQ7GAbaOvORHkAY1u60nu0n0tsPF3lSpJseuQ35Nc; UrlScan: Label: phishing, brand: sharepoint microsoft

Phishing:

Yara detected HtmlPhish_10
Source: Yara match; file source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\kzv6h8omy5hb61viiapbz80x[1].htm, type: DROPPED
Phishing site detected (based on image similarity)
Source: https://tedsgn.ml/eevps/img/logo.png; Matcher: Found strong image similarity, brand: Microsoft
Source: https://account.box.com/login?redirect_url=https%3A%2F%2Fapp.box.com%2Fs%2Fcqmn5b65sczgarg174p5um6rbd3vnodg; HTTP Parser: Title: Box | Login does not match URL
Source: https://account.box.com/api/oauth2/authorize?response_type=code&client_id=zk9jjoicv7uhmiso37as3ychbzqtkrog&redirect_uri=https%3A%2F%2Fa.box.com%2Fauthorize&state=wORJowtm6mBEyXlowagLof3Ao1l1e1xSR9mXrEXLFaI%3D&box_app_banner_url=boxopendirect%3A%2F%2Ffolder%3Fid%3D0; HTTP Parser: Title: Customer Log In does not match URL
Source: https://account.box.com/login; HTTP Parser: Title: Box | Login does not match URL
Source: https://account.box.com/login?redirect_url=https%3A%2F%2Fapp.box.com%2Fs%2Fcqmn5b65sczgarg174p5um6rbd3vnodg; HTTP Parser: No <meta name="author".. found
Source: https://account.box.com/api/oauth2/authorize?response_type=code&client_id=zk9jjoicv7uhmiso37as3ychbzqtkrog&redirect_uri=https%3A%2F%2Fa.box.com%2Fauthorize&state=wORJowtm6mBEyXlowagLof3Ao1l1e1xSR9mXrEXLFaI%3D&box_app_banner_url=boxopendirect%3A%2F%2Ffolder%3Fid%3D0; HTTP Parser: No <meta name="author".. found
Source: https://account.box.com/login; HTTP Parser: No <meta name="author".. found
Source: https://account.box.com/login?redirect_url=https%3A%2F%2Fapp.box.com%2Fs%2Fcqmn5b65sczgarg174p5um6rbd3vnodg; HTTP Parser: No <meta name="copyright".. found
Source: https://account.box.com/api/oauth2/authorize?response_type=code&client_id=zk9jjoicv7uhmiso37as3ychbzqtkrog&redirect_uri=https%3A%2F%2Fa.box.com%2Fauthorize&state=wORJowtm6mBEyXlowagLof3Ao1l1e1xSR9mXrEXLFaI%3D&box_app_banner_url=boxopendirect%3A%2F%2Ffolder%3Fid%3D0; HTTP Parser: No <meta name="copyright".. found
Source: https://account.box.com/login; HTTP Parser: No <meta name="copyright".. found
Source: unknown; DNS traffic detected: queries for: app.box.com
    Source: pricing[1].htm.2.drString found in binary or memory: https://www.box.com/fr-fr/pricing
    Source: login[1].htm.2.dr, login[1].htm0.2.drString found in binary or memory: https://www.box.com/home
    Source: pricing[1].htm.2.drString found in binary or memory: https://www.box.com/it-it/pricing
    Source: pricing[1].htm.2.drString found in binary or memory: https://www.box.com/ja-jp/pricing
    Source: pricing[1].htm.2.drString found in binary or memory: https://www.box.com/ko-kr/pricing
    Source: {97C089EC-0F95-11EB-90E4-ECF4BB862DED}.dat.1.drString found in binary or memory: https://www.box.com/pr
    Source: login[1].htm.2.dr, pricing[1].htm.2.dr, individual[1].htm.2.drString found in binary or memory: https://www.box.com/pricing
    Source: personal[1].htm.2.dr, individual[1].htm.2.drString found in binary or memory: https://www.box.com/pricing/individual
    Source: ~DF2EDDB1E821FAE436.TMP.1.drString found in binary or memory: https://www.box.com/pricing/individualrize?response_type=code&client_id=zk9jjoicv7uhmiso37as3ychbzqt
    Source: imagestore.dat.2.drString found in binary or memory: https://www.box.com/themes/custom/box/favicons/favicon-32x32.png?qi9mtb
    Source: js_hqT0myTz74WNt0w3yDKbthwa2XSTRmamJE9oPNbxa0E[1].js.2.drString found in binary or memory: https://www.box.com/themes/custom/box/logo.svg
    Source: pricing[1].htm.2.dr, individual[1].htm.2.drString found in binary or memory: https://www.box.org/
    Source: pricing[1].htm.2.dr, individual[1].htm.2.drString found in binary or memory: https://www.boxinvestorrelations.com/home/default.aspx
    Source: box-469cf41adb11dc78be68c1ae7f9457a4[1].htm.2.drString found in binary or memory: https://www.hotjar.com
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/de.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/el.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/es.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/fi.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/fr.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/it.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/nl.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/pl.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/pt.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/pt_br.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/ru.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/sq.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/sv.html
    Source: modules.0734134ae79697970353[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/zh.html
    Source: www-widgetapi[1].js.2.drString found in binary or memory: https://www.youtube.com
    Source: js_hqT0myTz74WNt0w3yDKbthwa2XSTRmamJE9oPNbxa0E[1].js.2.drString found in binary or memory: https://www.youtube.com/embed/
    Source: pricing[1].htm.2.drString found in binary or memory: https://www.youtube.com/user/box
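    The carved-URL list above is what an analyst actually works from: the box.com hosts and the third-party tag vendors (Drift, Hotjar, Demandbase, YouTube) come from the legitimate Box pages the sandbox loaded, while tedsgn.ml, where the chain ends at a .php page with a query string, is the host to review and block first. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses report lines of this shape (the fused "drString found" form of the raw extraction parses too), buckets the URLs by registrable domain, and pulls out the domains that need a human look plus the URLs on them that look like form handlers. The brand domain is taken from the sample URL (app.box.com); the vendor allow-list, the two-label registrable-domain rule and the ".php or query string" handler heuristic are assumptions made for this walkthrough, not findings of the report.

```python
"""Triage the carved-URL list of a browser sandbox report (added example).

Each report line reads 'Source: <dropped file(s)> | String found in binary or
memory: <url>'; the fused 'drString found' form from the raw extraction parses
too. URLs are grouped by registrable domain into three buckets: the impersonated
brand, third-party tag vendors the brand's pages embed, and everything else.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# A subset of the report's own lines, copied as they appear (with '|' separator).
REPORT_LINES = """\
Source: 1.f80bd615.chunk[1].css.2.dr | String found in binary or memory: https://js.driftt.com/deploy/assets/static/fonts/BrandonText-Medium.woff)
Source: box-469cf41adb11dc78be68c1ae7f9457a4[1].htm.2.dr | String found in binary or memory: https://local.hotjar.com
Source: iframe_api[1].js.2.dr | String found in binary or memory: https://s.ytimg.com/yts/jsbin/www-widgetapi-vflA2kFvy/www-widgetapi.js
Source: hotjar-852435[1].js.2.dr | String found in binary or memory: https://script.hotjar.com/
Source: js_hqT0myTz74WNt0w3yDKbthwa2XSTRmamJE9oPNbxa0E[1].js.2.dr | String found in binary or memory: https://scripts.demandbase.com/lJdrm4D0.min.js
Source: {A5CEE9E8-0F95-11EB-90E4-ECF4BB862DED}.dat.1.dr | String found in binary or memory: https://tedsgn.ml/eevp4ba3ca237e327ff017.svc.dynamics.com/t/r/TybQ7GAbaOvORHkAY1u60nu0n0tsPF3lSpJseu
Source: eevps[1].htm.8.dr | String found in binary or memory: https://tedsgn.ml/eevps/
Source: ~DF57430FFC4F5D3BDC.TMP.1.dr | String found in binary or memory: https://tedsgn.ml/eevps/kzv6h8omy5hb61viiapbz80x.php?rand=13InboxLightaspxn.1774256418&fid&125289964
Source: login[1].htm.2.dr, login[1].htm0.2.dr | String found in binary or memory: https://www.box.com/blog
Source: pricing[1].htm.2.dr | String found in binary or memory: https://www.box.com/de-de/pricing
Source: pricing[1].htm.2.dr, individual[1].htm.2.dr | String found in binary or memory: https://www.boxinvestorrelations.com/home/default.aspx
Source: modules.0734134ae79697970353[1].js.2.dr | String found in binary or memory: https://www.hotjarconsent.com/de.html
Source: pricing[1].htm.2.dr | String found in binary or memory: https://www.youtube.com/user/box
"""

BRAND = "box.com"  # the lure sits under app.box.com, so box.com is the brand
# Vendors the box.com pages in the report embed; treating them as benign is an
# assumption for this walkthrough, not a finding of the report.
KNOWN_VENDORS = {"driftt.com", "hotjar.com", "hotjarconsent.com", "ytimg.com",
                 "youtube.com", "demandbase.com"}

# Lazy <src> stops at the first ' | String found' or fused 'String found'.
LINE_RE = re.compile(
    r"^Source:\s*(?P<src>.+?)\s*\|?\s*String found in binary or memory:\s*(?P<url>\S+)"
)


@dataclass(frozen=True)
class Finding:
    sources: tuple  # dropped files the string was carved from
    url: str


def parse_report(text):
    """Return one Finding per parsable report line, in report order."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sources = tuple(s.strip() for s in m.group("src").split(","))
        # Strings carved out of CSS url(...) keep the closing parenthesis.
        findings.append(Finding(sources, m.group("url").rstrip(")")))
    return findings


def registrable_domain(host):
    """Last two labels of the host. Heuristic: no public-suffix list offline,
    so a host under a suffix like co.uk would be collapsed one label too far."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(findings, brand=BRAND, vendors=KNOWN_VENDORS):
    """Map bucket -> {registrable domain -> set of URLs}."""
    buckets = {"brand": defaultdict(set), "vendor": defaultdict(set),
               "review": defaultdict(set)}
    for f in findings:
        dom = registrable_domain(urlsplit(f.url).hostname or "")
        key = "brand" if dom == brand else "vendor" if dom in vendors else "review"
        buckets[key][dom].add(f.url)
    return {k: dict(v) for k, v in buckets.items()}


def harvest_candidates(findings, brand=BRAND, vendors=KNOWN_VENDORS):
    """URLs on 'review' domains that look like a form handler: a .php path or a
    query string. A heuristic to order the review queue, not proof of intent."""
    out = []
    for f in findings:
        p = urlsplit(f.url)
        dom = registrable_domain(p.hostname or "")
        if dom != brand and dom not in vendors and (
                p.path.lower().endswith(".php") or p.query):
            out.append(f.url)
    return out


def brand_lookalikes(findings, brand=BRAND):
    """Domains other than the brand that contain its label (e.g. 'box')."""
    label = brand.split(".")[0]
    doms = {registrable_domain(urlsplit(f.url).hostname or "") for f in findings}
    return sorted(d for d in doms if d != brand and label in d)


if __name__ == "__main__":
    fs = parse_report(REPORT_LINES)
    for dom, urls in triage(fs)["review"].items():
        print(f"REVIEW  {dom}: {len(urls)} url(s)")
    for u in harvest_candidates(fs):
        print(f"HANDLER {u}")
    print("lookalikes:", brand_lookalikes(fs))
```

    On the report's lines the review bucket holds tedsgn.ml and boxinvestorrelations.com; the second is also returned as a brand lookalike, which is the point of that check: a domain carrying the brand label that is not the brand has to be confirmed by hand either way. Only the tedsgn.ml .php URL passes the handler heuristic.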
    Source: unknown | Network traffic detected: HTTP traffic on port 49817 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknown | Network traffic detected: HTTP traffic on port 49803 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49826 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknown | Network traffic detected: HTTP traffic on port 49841 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49820 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49812 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49806 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49847
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49846
    Source: unknown | Network traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49845
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49844
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49843
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49842
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49841
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49840
    Source: unknown | Network traffic detected: HTTP traffic on port 49819 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49844 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49834 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49828 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49805 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49831 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49839
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49838
    Source: unknown | Network traffic detected: HTTP traffic on port 49847 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49835
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49834
    Source: unknown | Network traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49799
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49831
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49797
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49830
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknown | Network traffic detected: HTTP traffic on port 49839 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknown | Network traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49829
    Source: unknown | Network traffic detected: HTTP traffic on port 49811 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49828
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49827
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49826
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49823
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49822
    Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49821
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49820
    Source: unknown | Network traffic detected: HTTP traffic on port 49842 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknown | Network traffic detected: HTTP traffic on port 49813 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782
    Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49807 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49819
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49818
    Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49799 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49810 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49817
    Source: unknown | Network traffic detected: HTTP traffic on port 49845 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49813
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49812
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49811
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49810
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
    Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49794 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49802 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49830 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49807
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49806
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49805
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49804
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49803
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49802
    Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
    Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknown | Network traffic detected: HTTP traffic on port 49838 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
    Source: unknown | Network traffic detected: HTTP traffic on port 49821 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49840 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49797 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknown | Network traffic detected: HTTP traffic on port 49818 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49843 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49835 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49829 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
    Source: unknown | Network traffic detected: HTTP traffic on port 49846 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknown | Network traffic detected: HTTP traffic on port 49792 -> 443
    Source: classification engine | Classification label: mal60.phis.win@5/191@57/32
    Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
    Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DF05711007C68FA742.TMP
    Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
    Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
    Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6820 CREDAT:17410 /prefetch:2
    Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6820 CREDAT:17418 /prefetch:2
    Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6820 CREDAT:17410 /prefetch:2
    Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6820 CREDAT:17418 /prefetch:2
    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services